From 16d2c32c4dff7fd8b0ee19e3ba908c0121f6636e Mon Sep 17 00:00:00 2001
From: sfu5
Date: Mon, 19 Mar 2012 05:52:16 +0000
Subject: [PATCH] 1. Remove conducting ASSERT in BaseCryptLib.
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
---
 CryptoPkg/CryptRuntimeDxe/CryptRuntime.c | 20 +-
 CryptoPkg/CryptRuntimeDxe/CryptRuntime.h | 20 +-
 CryptoPkg/Include/Library/BaseCryptLib.h | 266 +++++++++---------
 CryptoPkg/Include/Protocol/RuntimeCrypt.h | 20 +-
 .../Library/BaseCryptLib/Cipher/CryptAes.c | 100 +++----
 .../Library/BaseCryptLib/Cipher/CryptArc4.c | 58 ++--
 .../Library/BaseCryptLib/Cipher/CryptTdes.c | 95 ++++---
 .../Library/BaseCryptLib/Hash/CryptMd4.c | 46 +--
 .../Library/BaseCryptLib/Hash/CryptMd5.c | 46 +--
 .../Library/BaseCryptLib/Hash/CryptSha1.c | 46 +--
 .../Library/BaseCryptLib/Hash/CryptSha256.c | 46 +--
 .../Library/BaseCryptLib/Hmac/CryptHmacMd5.c | 46 +--
 .../Library/BaseCryptLib/Hmac/CryptHmacSha1.c | 46 +--
 CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c | 14 +-
 .../BaseCryptLib/Pk/CryptAuthenticode.c | 25 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c | 62 +++-
 .../Library/BaseCryptLib/Pk/CryptPkcs7.c | 30 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c | 113 +++++---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 83 +++---
 .../Library/BaseCryptLib/Rand/CryptRand.c | 11 +-
 .../RuntimeDxeIpfCryptLib.c | 20 +-
 21 files changed, 681 insertions(+), 532 deletions(-)
diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
index ff20da49e9..75d89648e4 100644
--- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
+++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
@@ -2,7 +2,7 @@ Runtime Cryptographic Driver Implementation, which produce one crypto protocol. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -53,7 +53,7 @@ RuntimeCryptSha256GetContextSize ( Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for subsequent use. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. @@ -74,7 +74,7 @@ RuntimeCryptSha256Init ( Performs SHA-256 digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -100,8 +100,8 @@ RuntimeCryptSha256Update ( Completes SHA-256 hash computation and retrieves the digest value into the specified memory. After this function has been called, the SHA-256 context cannot be used again. - If Sha256Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 context @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest @@ -157,7 +157,7 @@ RuntimeCryptRsaFree ( the user-specified nonnegative integer (octet string format represented in RSA PKCS#1). - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. 
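Review bot: The RuntimeCryptSha256Init description in the @@ -53 hunk now promises a FALSE return where it used to promise an ASSERT, but nothing in the hunk tells callers that they must act on it; once the ASSERT is gone, a NULL Sha256Context presumably no longer halts a debug build, and a caller that ignores the BOOLEAN result just carries on with an uninitialized context. Consider adding to this hunk, and to the matching Init hunks in BaseCryptLib.h (Md4Init, Md5Init, Sha1Init, Sha256Init, HmacMd5Init, HmacSha1Init, TdesInit, AesInit, Arc4Init), a sentence such as `If FALSE is returned, the context must not be passed to any subsequent operation.` The enclosing comment block continues outside the hunk, so its @retval lines may already cover part of this.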
@@ -184,10 +184,10 @@ RuntimeCryptRsaSetKey ( Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in RSA PKCS#1. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If Signature is NULL, then ASSERT(). - If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h index 312d7b49e1..86476450f4 100644 --- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h @@ -1,7 +1,7 @@ /** @file Header file of Runtime Cryptographic Driver. -Copyright (c) 2010, Intel Corporation. All rights reserved.
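Review bot: The last added line of the @@ -184 hunk reads `If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, return FALSE.`, dropping the "then" that every other rewritten sentence in this patch keeps, including the corresponding RsaPkcs1Verify text in BaseCryptLib.h. The @@ -158 hunk of CryptRuntime.h has the same wording. Suggest `If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.` in both places so the two files stay word-for-word in sync.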
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -41,7 +41,7 @@ RuntimeCryptSha256GetContextSize ( Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for subsequent use. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. @@ -60,7 +60,7 @@ RuntimeCryptSha256Init ( Performs SHA-256 digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -84,8 +84,8 @@ RuntimeCryptSha256Update ( Completes SHA-256 hash computation and retrieves the digest value into the specified memory. After this function has been called, the SHA-256 context cannot be used again. - If Sha256Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 context @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest @@ -133,7 +133,7 @@ RuntimeCryptRsaFree ( the user-specified nonnegative integer (octet string format represented in RSA PKCS#1). - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. 
@@ -158,10 +158,10 @@ RuntimeCryptRsaSetKey ( Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in RSA PKCS#1. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If Signature is NULL, then ASSERT(). - If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 0745e9316d..69b9a888f2 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security functionality enabling. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -82,7 +82,7 @@ Md4GetContextSize ( Initializes user-supplied memory pointed by Md4Context as MD4 hash context for subsequent use. - If Md4Context is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. @param[out] Md4Context Pointer to MD4 context being initialized. @@ -99,8 +99,8 @@ Md4Init ( /** Makes a copy of an existing MD4 context. - If Md4Context is NULL, then ASSERT(). - If NewMd4Context is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. + If NewMd4Context is NULL, then return FALSE. @param[in] Md4Context Pointer to MD4 context being copied. @param[out] NewMd4Context Pointer to new MD4 context. @@ -124,7 +124,7 @@ Md4Duplicate ( MD4 context should be already correctly intialized by Md4Init(), and should not be finalized by Md4Final(). Behavior with invalid context is undefined. - If Md4Context is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. @param[in, out] Md4Context Pointer to the MD4 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -151,8 +151,8 @@ Md4Update ( MD4 context should be already correctly intialized by Md4Init(), and should not be finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - If Md4Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Md4Context Pointer to the MD4 context. @param[out] HashValue Pointer to a buffer that receives the MD4 digest 
@@ -185,7 +185,7 @@ Md5GetContextSize ( Initializes user-supplied memory pointed by Md5Context as MD5 hash context for subsequent use. - If Md5Context is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. @param[out] Md5Context Pointer to MD5 context being initialized. @@ -202,8 +202,8 @@ Md5Init ( /** Makes a copy of an existing MD5 context. - If Md5Context is NULL, then ASSERT(). - If NewMd5Context is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. + If NewMd5Context is NULL, then return FALSE. @param[in] Md5Context Pointer to MD5 context being copied. @param[out] NewMd5Context Pointer to new MD5 context. @@ -227,7 +227,7 @@ Md5Duplicate ( MD5 context should be already correctly intialized by Md5Init(), and should not be finalized by Md5Final(). Behavior with invalid context is undefined. - If Md5Context is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. @param[in, out] Md5Context Pointer to the MD5 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -254,8 +254,8 @@ Md5Update ( MD5 context should be already correctly intialized by Md5Init(), and should not be finalized by Md5Final(). Behavior with invalid MD5 context is undefined. - If Md5Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Md5Context Pointer to the MD5 context. @param[out] HashValue Pointer to a buffer that receives the MD5 digest @@ -288,7 +288,7 @@ Sha1GetContextSize ( Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for subsequent use. - If Sha1Context is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. @param[out] Sha1Context Pointer to SHA-1 context being initialized. 
@@ -305,8 +305,8 @@ Sha1Init ( /** Makes a copy of an existing SHA-1 context. - If Sha1Context is NULL, then ASSERT(). - If NewSha1Context is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. + If NewSha1Context is NULL, then return FALSE. @param[in] Sha1Context Pointer to SHA-1 context being copied. @param[out] NewSha1Context Pointer to new SHA-1 context. @@ -330,7 +330,7 @@ Sha1Duplicate ( SHA-1 context should be already correctly intialized by Sha1Init(), and should not be finalized by Sha1Final(). Behavior with invalid context is undefined. - If Sha1Context is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. @param[in, out] Sha1Context Pointer to the SHA-1 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -357,8 +357,8 @@ Sha1Update ( SHA-1 context should be already correctly intialized by Sha1Init(), and should not be finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined. - If Sha1Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha1Context Pointer to the SHA-1 context. @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest @@ -391,7 +391,7 @@ Sha256GetContextSize ( Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for subsequent use. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[out] Sha256Context Pointer to SHA-256 context being initialized. @@ -408,8 +408,8 @@ Sha256Init ( /** Makes a copy of an existing SHA-256 context. - If Sha256Context is NULL, then ASSERT(). - If NewSha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If NewSha256Context is NULL, then return FALSE. @param[in] Sha256Context Pointer to SHA-256 context being copied. @param[out] NewSha256Context Pointer to new SHA-256 context. 
@@ -433,7 +433,7 @@ Sha256Duplicate ( SHA-256 context should be already correctly intialized by Sha256Init(), and should not be finalized by Sha256Final(). Behavior with invalid context is undefined. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -460,8 +460,8 @@ Sha256Update ( SHA-256 context should be already correctly intialized by Sha256Init(), and should not be finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined. - If Sha256Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest @@ -499,7 +499,7 @@ HmacMd5GetContextSize ( Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for subsequent use. - If HmacMd5Context is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized. @param[in] Key Pointer to the user-supplied key. @@ -520,8 +520,8 @@ HmacMd5Init ( /** Makes a copy of an existing HMAC-MD5 context. - If HmacMd5Context is NULL, then ASSERT(). - If NewHmacMd5Context is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. + If NewHmacMd5Context is NULL, then return FALSE. @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. 
@@ -545,7 +545,7 @@ HmacMd5Duplicate ( HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be finalized by HmacMd5Final(). Behavior with invalid context is undefined. - If HmacMd5Context is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[in] Data Pointer to the buffer containing the data to be digested. @@ -572,8 +572,8 @@ HmacMd5Update ( HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - If HmacMd5Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[out] HashValue Pointer to a buffer that receives the HMAC-MD5 digest @@ -606,7 +606,7 @@ HmacSha1GetContextSize ( Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for subsequent use. - If HmacSha1Context is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized. @param[in] Key Pointer to the user-supplied key. @@ -627,8 +627,8 @@ HmacSha1Init ( /** Makes a copy of an existing HMAC-SHA1 context. - If HmacSha1Context is NULL, then ASSERT(). - If NewHmacSha1Context is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. + If NewHmacSha1Context is NULL, then return FALSE. @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. 
@@ -652,7 +652,7 @@ HmacSha1Duplicate ( HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not be finalized by HmacSha1Final(). Behavior with invalid context is undefined. - If HmacSha1Context is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. @param[in] Data Pointer to the buffer containing the data to be digested. @@ -679,8 +679,8 @@ HmacSha1Update ( HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - If HmacSha1Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. @param[out] HashValue Pointer to a buffer that receives the HMAC-SHA1 digest @@ -725,9 +725,9 @@ TdesGetContextSize ( KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) - If TdesContext is NULL, then ASSERT(). - If Key is NULL, then ASSERT(). - If KeyLength is not valid, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. @param[out] TdesContext Pointer to TDES context being initialized. @param[in] Key Pointer to the user-supplied TDES key. 
@@ -755,10 +755,10 @@ TdesInit ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -788,10 +788,10 @@ TdesEcbEncrypt ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be decrypted. 
@@ -822,11 +822,11 @@ TdesEcbDecrypt ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -859,11 +859,11 @@ TdesCbcEncrypt ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -905,9 +905,9 @@ AesGetContextSize ( operations. There are 3 options for key length, 128 bits, 192 bits, and 256 bits. - If AesContext is NULL, then ASSERT(). - If Key is NULL, then ASSERT(). - If KeyLength is not valid, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. @param[out] AesContext Pointer to AES context being initialized. @param[in] Key Pointer to the user-supplied AES key. 
@@ -935,10 +935,10 @@ AesInit ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -968,10 +968,10 @@ AesEcbEncrypt ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be decrypted. 
@@ -1002,11 +1002,11 @@ AesEcbDecrypt ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -1039,11 +1039,11 @@ AesCbcEncrypt ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. 
@@ -1084,9 +1084,9 @@ Arc4GetContextSize ( In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption operations. - If Arc4Context is NULL, then ASSERT(). - If Key is NULL, then ASSERT(). - If KeySize does not in the range of [5, 256] bytes, then ASSERT(). + If Arc4Context is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize does not in the range of [5, 256] bytes, then return FALSE. @param[out] Arc4Context Pointer to ARC4 context being initialized. @param[in] Key Pointer to the user-supplied ARC4 key. @@ -1112,9 +1112,9 @@ Arc4Init ( Arc4Context should be already correctly initialized by Arc4Init(). Behavior with invalid ARC4 context is undefined. - If Arc4Context is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -1142,9 +1142,9 @@ Arc4Encrypt ( Arc4Context should be already correctly initialized by Arc4Init(). Behavior with invalid ARC4 context is undefined. - If Arc4Context is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data to be decrypted. @@ -1172,7 +1172,7 @@ Arc4Decrypt ( Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context should be already correctly initialized by ARC4Init(). - If Arc4Context is NULL, then ASSERT(). + If Arc4Context is NULL, then return FALSE. @param[in, out] Arc4Context Pointer to the ARC4 context. 
@@ -1206,7 +1206,7 @@ RsaNew ( /** Release the specified RSA context. - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in] RsaContext Pointer to the RSA context to be released. @@ -1225,7 +1225,7 @@ RsaFree ( represented in RSA PKCS#1). If BigNumber is NULL, then the specified key componenet in RSA context is cleared. - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. @@ -1259,9 +1259,9 @@ RsaSetKey ( If the BigNumber buffer is too small to hold the contents of the key, FALSE is returned and BnSize is set to the required buffer size to obtain the key. - If RsaContext is NULL, then ASSERT(). - If BnSize is NULL, then ASSERT(). - If BnSize is large enough but BigNumber is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If BnSize is NULL, then return FALSE. + If BnSize is large enough but BigNumber is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. @@ -1293,7 +1293,7 @@ RsaGetKey ( Before this function can be invoked, pseudorandom number generator must be correctly initialized by RandomSeed(). - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] ModulusLength Length of RSA modulus N in bits. @@ -1322,7 +1322,7 @@ RsaGenerateKey ( - Whether n = p * q - Whether d*e = 1 mod lcm(p-1,q-1) - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in] RsaContext Pointer to RSA context to check. 
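Review bot: The RsaFree description in the @@ -1206 hunk now says `If RsaContext is NULL, then return FALSE.`, yet a release routine documented as returning a value is suspect; RsaFree's prototype is outside the hunk, and if it is a VOID function, as the *Free routines in this library appear to be, the sentence promises something the caller cannot observe. `If RsaContext is NULL, then do nothing.` would describe a release routine accurately. The X509Free, X509StackFree and DhFree hunks further down carry the same wording.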
@@ -1344,10 +1344,10 @@ RsaCheckKey ( If the Signature buffer is too small to hold the contents of signature, FALSE is returned and SigSize is set to the required buffer size to obtain the signature. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). - If SigSize is large enough but Signature is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature generation. @param[in] MessageHash Pointer to octet message hash to be signed. @@ -1375,10 +1375,10 @@ RsaPkcs1Sign ( Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in RSA PKCS#1. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If Signature is NULL, then ASSERT(). - If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1, SHA-256 digest, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. @@ -1410,8 +1410,8 @@ RsaPkcs1Verify ( RSA private key component. Use RsaFree() function to free the resource. - If PemData is NULL, then ASSERT(). - If RsaContext is NULL, then ASSERT(). + If PemData is NULL, then return FALSE. + If RsaContext is NULL, then return FALSE. @retval TRUE RSA Private Key was retrieved successfully. @retval FALSE Invalid PEM key data or incorrect password. 
@@ -1435,8 +1435,8 @@ RsaGetPrivateKeyFromPem ( RSA public key component. Use RsaFree() function to free the resource. - If Cert is NULL, then ASSERT(). - If RsaContext is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If RsaContext is NULL, then return FALSE. @retval TRUE RSA Public Key was retrieved successfully. @retval FALSE Fail to retrieve RSA public key from X509 certificate. @@ -1459,8 +1459,8 @@ RsaGetPublicKeyFromX509 ( @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input, and the size of buffer returned CertSubject on output. - If Cert is NULL, then ASSERT(). - If SubjectSize is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If SubjectSize is NULL, then return FALSE. @retval TRUE The certificate subject retrieved successfully. @retval FALSE Invalid certificate, or the SubjectSize is too small for the result. @@ -1484,8 +1484,8 @@ X509GetSubjectName ( @param[in] CACert Pointer to the DER-encoded trusted CA certificate. @param[in] CACertSize Size of the CA Certificate in bytes. - If Cert is NULL, then ASSERT(). - If CACert is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If CACert is NULL, then return FALSE. @retval TRUE The certificate was issued by the trusted CA. @retval FALSE Invalid certificate or the certificate was not issued by the given @@ -1504,8 +1504,8 @@ X509VerifyCert ( /** Construct a X509 object from DER-encoded certificate data. - If Cert is NULL, then ASSERT(). - If SingleX509Cert is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If SingleX509Cert is NULL, then return FALSE. @param[in] Cert Pointer to the DER-encoded certificate data. @param[in] CertSize The size of certificate data in bytes. 
@@ -1526,7 +1526,7 @@ X509ConstructCertificate ( /** Construct a X509 stack object from a list of DER-encoded certificate data. - If X509Stack is NULL, then ASSERT(). + If X509Stack is NULL, then return FALSE. @param[in, out] X509Stack On input, pointer to an existing X509 stack object. On output, pointer to the X509 stack object with new @@ -1549,7 +1549,7 @@ X509ConstructCertificateStack ( /** Release the specified X509 object. - If X509Cert is NULL, then ASSERT(). + If X509Cert is NULL, then return FALSE. @param[in] X509Cert Pointer to the X509 object to be released. @@ -1563,7 +1563,7 @@ X509Free ( /** Release the specified X509 stack object. - If X509Stack is NULL, then ASSERT(). + If X509Stack is NULL, then return FALSE. @param[in] X509Stack Pointer to the X509 stack object to be released. @@ -1615,7 +1615,7 @@ Pkcs7Sign ( Verifies the validility of a PKCS#7 signed data as described in "PKCS #7: Cryptographic Message Syntax Standard". - If P7Data is NULL, then ASSERT(). + If P7Data is NULL, then return FALSE. @param[in] P7Data Pointer to the PKCS#7 message to verify. @param[in] P7Size Size of the PKCS#7 message in bytes. @@ -1644,8 +1644,8 @@ Pkcs7Verify ( Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows Authenticode Portable Executable Signature Format". - If AuthData is NULL, then ASSERT(). - If ImageHash is NULL, then ASSERT(). + If AuthData is NULL, then return FALSE. + If ImageHash is NULL, then return FALSE. @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed PE/COFF image to be verified. @@ -1693,7 +1693,7 @@ DhNew ( /** Release the specified DH context. - If DhContext is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. @param[in] DhContext Pointer to the DH context to be released. 
@@ -1713,8 +1713,8 @@ DhFree ( Before this function can be invoked, pseudorandom number generator must be correctly initialized by RandomSeed(). - If DhContext is NULL, then ASSERT(). - If Prime is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If Prime is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[in] Generator Value of generator. @@ -1741,8 +1741,8 @@ DhGenerateParameter ( Given generator g, and prime number p, this function and sets DH context accordingly. - If DhContext is NULL, then ASSERT(). - If Prime is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If Prime is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[in] Generator Value of generator. @@ -1773,9 +1773,9 @@ DhSetParameter ( If the PublicKey buffer is too small to hold the public key, FALSE is returned and PublicKeySize is set to the required buffer size to obtain the public key. - If DhContext is NULL, then ASSERT(). - If PublicKeySize is NULL, then ASSERT(). - If PublicKeySize is large enough but PublicKey is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If PublicKeySize is NULL, then return FALSE. + If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[out] PublicKey Pointer to the buffer to receive generated public key. 
@@ -1801,10 +1801,10 @@ DhGenerateKey ( Given peer's public key, this function computes the exchanged common key, based on its own context including value of prime modulus and random secret exponent. - If DhContext is NULL, then ASSERT(). - If PeerPublicKey is NULL, then ASSERT(). - If KeySize is NULL, then ASSERT(). - If KeySize is large enough but Key is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If PeerPublicKey is NULL, then return FALSE. + If KeySize is NULL, then return FALSE. + If KeySize is large enough but Key is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[in] PeerPublicKey Pointer to the peer's public key. @@ -1858,7 +1858,7 @@ RandomSeed ( /** Generates a pseudorandom byte stream of the specified size. - If Output is NULL, then ASSERT(). + If Output is NULL, then return FALSE. @param[out] Output Pointer to buffer to receive random value. @param[in] Size Size of randome bytes to generate. diff --git a/CryptoPkg/Include/Protocol/RuntimeCrypt.h b/CryptoPkg/Include/Protocol/RuntimeCrypt.h index bb97d9102e..bb03a622e9 100644 --- a/CryptoPkg/Include/Protocol/RuntimeCrypt.h +++ b/CryptoPkg/Include/Protocol/RuntimeCrypt.h @@ -3,7 +3,7 @@ Only limited crypto primitives (SHA-256 and RSA) are provided for runtime authenticated variable service. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -44,7 +44,7 @@ UINTN Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for subsequent use. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. @@ -63,7 +63,7 @@ BOOLEAN Performs SHA-256 digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -87,8 +87,8 @@ BOOLEAN Completes SHA-256 hash computation and retrieves the digest value into the specified memory. After this function has been called, the SHA-256 context cannot be used again. - If Sha256Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 context @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest @@ -136,7 +136,7 @@ VOID the user-specified nonnegative integer (octet string format represented in RSA PKCS#1). - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. 
@@ -160,10 +160,10 @@ BOOLEAN Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in RSA PKCS#1. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If Signature is NULL, then ASSERT(). - If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c index e32063cd98..45e4a4392e 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAes.c @@ -1,7 +1,7 @@ /** @file AES Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -42,9 +42,9 @@ AesGetContextSize ( operations. There are 3 options for key length, 128 bits, 192 bits, and 256 bits. - If AesContext is NULL, then ASSERT(). - If Key is NULL, then ASSERT(). - If KeyLength is not valid, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. @param[out] AesContext Pointer to AES context being initialized. @param[in] Key Pointer to the user-supplied AES key. @@ -64,12 +64,12 @@ AesInit ( { AES_KEY *AesKey; - ASSERT (AesContext != NULL); // - // AES Key Checking + // Check input parameters. // - ASSERT (Key != NULL); - ASSERT ((KeyLength == 128) || (KeyLength == 192) || (KeyLength == 256)); + if (AesContext == NULL || Key == NULL || (KeyLength != 128 && KeyLength != 192 && KeyLength != 256)) { + return FALSE; + } // // Initialize AES encryption & decryption key schedule. @@ -94,10 +94,10 @@ AesInit ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. 
@@ -118,12 +118,14 @@ AesEcbEncrypt ( ) { AES_KEY *AesKey; - - ASSERT (AesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % AES_BLOCK_SIZE) == 0); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } + AesKey = (AES_KEY *) AesContext; // @@ -149,10 +151,10 @@ AesEcbEncrypt ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be decrypted. @@ -173,11 +175,13 @@ AesEcbDecrypt ( ) { AES_KEY *AesKey; - - ASSERT (AesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % AES_BLOCK_SIZE) == 0); - ASSERT (Output != NULL); + + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } AesKey = (AES_KEY *) AesContext; 
@@ -205,11 +209,11 @@ AesEcbDecrypt ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -234,11 +238,12 @@ AesCbcEncrypt ( AES_KEY *AesKey; UINT8 IvecBuffer[AES_BLOCK_SIZE]; - ASSERT (AesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % AES_BLOCK_SIZE) == 0); - ASSERT (Ivec != NULL); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) { + return FALSE; + } AesKey = (AES_KEY *) AesContext; CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE); @@ -262,11 +267,11 @@ AesCbcEncrypt ( AesContext should be already correctly initialized by AesInit(). Behavior with invalid AES context is undefined. - If AesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (16 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If AesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (16 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] AesContext Pointer to the AES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. 
@@ -290,12 +295,13 @@ AesCbcDecrypt ( { AES_KEY *AesKey; UINT8 IvecBuffer[AES_BLOCK_SIZE]; - - ASSERT (AesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % AES_BLOCK_SIZE) == 0); - ASSERT (Ivec != NULL); - ASSERT (Output != NULL); + + // + // Check input parameters. + // + if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) { + return FALSE; + } AesKey = (AES_KEY *) AesContext; CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE); diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c index fa8fd963dd..6921418137 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4.c @@ -1,7 +1,7 @@ /** @file ARC4 Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -42,9 +42,9 @@ Arc4GetContextSize ( In addtion, it sets up all ARC4 key materials for subsequent encryption and decryption operations. - If Arc4Context is NULL, then ASSERT(). - If Key is NULL, then ASSERT(). - If KeySize does not in the range of [5, 256] bytes, then ASSERT(). + If Arc4Context is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeySize does not in the range of [5, 256] bytes, then return FALSE. @param[out] Arc4Context Pointer to ARC4 context being initialized. @param[in] Key Pointer to the user-supplied ARC4 key. @@ -64,9 +64,12 @@ Arc4Init ( { RC4_KEY *Rc4Key; - ASSERT (Arc4Context != NULL); - ASSERT (Key != NULL); - ASSERT ((KeySize >= 5) && (KeySize <= 256)); + // + // Check input parameters. + // + if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) { + return FALSE; + } Rc4Key = (RC4_KEY *) Arc4Context; @@ -85,9 +88,9 @@ Arc4Init ( Arc4Context should be already correctly initialized by Arc4Init(). Behavior with invalid ARC4 context is undefined. - If Arc4Context is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in, out] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -109,9 +112,12 @@ Arc4Encrypt ( { RC4_KEY *Rc4Key; - ASSERT (Arc4Context != NULL); - ASSERT (Input != NULL); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (Arc4Context == NULL || Input == NULL || Output == NULL) { + return FALSE; + } Rc4Key = (RC4_KEY *) Arc4Context; 
@@ -128,9 +134,9 @@ Arc4Encrypt ( Arc4Context should be already correctly initialized by Arc4Init(). Behavior with invalid ARC4 context is undefined. - If Arc4Context is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If Arc4Context is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in, out] Arc4Context Pointer to the ARC4 context. @param[in] Input Pointer to the buffer containing the data to be decrypted. @@ -152,9 +158,12 @@ Arc4Decrypt ( { RC4_KEY *Rc4Key; - ASSERT (Arc4Context != NULL); - ASSERT (Input != NULL); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (Arc4Context == NULL || Input == NULL || Output == NULL) { + return FALSE; + } Rc4Key = (RC4_KEY *) Arc4Context; @@ -171,7 +180,7 @@ Arc4Decrypt ( Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context should be already correctly initialized by ARC4Init(). - If Arc4Context is NULL, then ASSERT(). + If Arc4Context is NULL, then return FALSE. @param[in, out] Arc4Context Pointer to the ARC4 context. @@ -187,8 +196,13 @@ Arc4Reset ( { RC4_KEY *Rc4Key; - ASSERT (Arc4Context != NULL); - + // + // Check input parameters. + // + if (Arc4Context == NULL) { + return FALSE; + } + Rc4Key = (RC4_KEY *) Arc4Context; CopyMem (Rc4Key, Rc4Key + 1, sizeof(RC4_KEY)); diff --git a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c index 5535ab3686..8213718b42 100644 --- a/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c +++ b/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdes.c @@ -1,7 +1,7 @@ /** @file TDES Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -44,9 +44,9 @@ TdesGetContextSize ( KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) - If TdesContext is NULL, then ASSERT(). - If Key is NULL, then ASSERT(). - If KeyLength is not valid, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Key is NULL, then return FALSE. + If KeyLength is not valid, then return FALSE. @param[out] TdesContext Pointer to TDES context being initialized. @param[in] Key Pointer to the user-supplied TDES key. @@ -66,9 +66,12 @@ TdesInit ( { DES_key_schedule *KeySchedule; - ASSERT (TdesContext != NULL); - ASSERT (Key != NULL); - ASSERT ((KeyLength == 64) || (KeyLength == 128) || (KeyLength == 192)); + // + // Check input parameters. + // + if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) { + return FALSE; + } KeySchedule = (DES_key_schedule *) TdesContext; @@ -117,10 +120,10 @@ TdesInit ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. 
@@ -142,10 +145,12 @@ TdesEcbEncrypt ( { DES_key_schedule *KeySchedule; - ASSERT (TdesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } KeySchedule = (DES_key_schedule *) TdesContext; @@ -176,10 +181,10 @@ TdesEcbEncrypt ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be decrypted. @@ -201,10 +206,12 @@ TdesEcbDecrypt ( { DES_key_schedule *KeySchedule; - ASSERT (TdesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Output == NULL) { + return FALSE; + } KeySchedule = (DES_key_schedule *) TdesContext; 
@@ -236,11 +243,11 @@ TdesEcbDecrypt ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -265,11 +272,12 @@ TdesCbcEncrypt ( DES_key_schedule *KeySchedule; UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - ASSERT (TdesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0); - ASSERT (Ivec != NULL); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) { + return FALSE; + } KeySchedule = (DES_key_schedule *) TdesContext; CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); 
@@ -299,11 +307,11 @@ TdesCbcEncrypt ( TdesContext should be already correctly initialized by TdesInit(). Behavior with invalid TDES context is undefined. - If TdesContext is NULL, then ASSERT(). - If Input is NULL, then ASSERT(). - If InputSize is not multiple of block size (8 bytes), then ASSERT(). - If Ivec is NULL, then ASSERT(). - If Output is NULL, then ASSERT(). + If TdesContext is NULL, then return FALSE. + If Input is NULL, then return FALSE. + If InputSize is not multiple of block size (8 bytes), then return FALSE. + If Ivec is NULL, then return FALSE. + If Output is NULL, then return FALSE. @param[in] TdesContext Pointer to the TDES context. @param[in] Input Pointer to the buffer containing the data to be encrypted. @@ -328,11 +336,12 @@ TdesCbcDecrypt ( DES_key_schedule *KeySchedule; UINT8 IvecBuffer[TDES_BLOCK_SIZE]; - ASSERT (TdesContext != NULL); - ASSERT (Input != NULL); - ASSERT ((InputSize % TDES_BLOCK_SIZE) == 0); - ASSERT (Ivec != NULL); - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (TdesContext == NULL || Input == NULL || (InputSize % TDES_BLOCK_SIZE) != 0 || Ivec == NULL || Output == NULL) { + return FALSE; + } KeySchedule = (DES_key_schedule *) TdesContext; CopyMem (IvecBuffer, Ivec, TDES_BLOCK_SIZE); diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c index a5769133ed..31fc4dcea9 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4.c @@ -1,7 +1,7 @@ /** @file MD4 Digest Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -37,7 +37,7 @@ Md4GetContextSize ( Initializes user-supplied memory pointed by Md4Context as MD4 hash context for subsequent use. - If Md4Context is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. @param[out] Md4Context Pointer to MD4 context being initialized. @@ -52,9 +52,11 @@ Md4Init ( ) { // - // ASSERT if Md4Context is NULL. + // Check input parameters. // - ASSERT (Md4Context != NULL); + if (Md4Context == NULL) { + return FALSE; + } // // OpenSSL MD4 Context Initialization @@ -65,8 +67,8 @@ Md4Init ( /** Makes a copy of an existing MD4 context. - If Md4Context is NULL, then ASSERT(). - If NewMd4Context is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. + If NewMd4Context is NULL, then return FALSE. @param[in] Md4Context Pointer to MD4 context being copied. @param[out] NewMd4Context Pointer to new MD4 context. @@ -83,10 +85,11 @@ Md4Duplicate ( ) { // - // ASSERT if Md4Context or NewMd4Context is NULL. + // Check input parameters. // - ASSERT (Md4Context != NULL); - ASSERT (NewMd4Context != NULL); + if (Md4Context == NULL || NewMd4Context == NULL) { + return FALSE; + } CopyMem (NewMd4Context, Md4Context, sizeof (MD4_CTX)); @@ -101,7 +104,7 @@ Md4Duplicate ( MD4 context should be already correctly intialized by Md4Init(), and should not be finalized by Md4Final(). Behavior with invalid context is undefined. - If Md4Context is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. @param[in, out] Md4Context Pointer to the MD4 context. @param[in] Data Pointer to the buffer containing the data to be hashed. 
@@ -120,15 +123,17 @@ Md4Update ( ) { // - // ASSERT if Md4Context is NULL + // Check input parameters. // - ASSERT (Md4Context != NULL); + if (Md4Context == NULL) { + return FALSE; + } // - // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // Check invalid parameters, in case that only DataLength was checked in OpenSSL // - if (Data == NULL) { - ASSERT (DataSize == 0); + if (Data == NULL && DataSize != 0) { + return FALSE; } // @@ -146,8 +151,8 @@ Md4Update ( MD4 context should be already correctly intialized by Md4Init(), and should not be finalized by Md4Final(). Behavior with invalid MD4 context is undefined. - If Md4Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Md4Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Md4Context Pointer to the MD4 context. @param[out] HashValue Pointer to a buffer that receives the MD4 digest @@ -165,10 +170,11 @@ Md4Final ( ) { // - // ASSERT if Md4Context is NULL or HashValue is NULL + // Check input parameters. // - ASSERT (Md4Context != NULL); - ASSERT (HashValue != NULL); + if (Md4Context == NULL || HashValue == NULL) { + return FALSE; + } // // OpenSSL MD4 Hash Finalization diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c index 8d5e6ed89d..1d852c7495 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c @@ -1,7 +1,7 @@ /** @file MD5 Digest Wrapper Implementation over OpenSSL. -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
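Review bot: The new comment in Md4Update, `Check invalid parameters, in case that only DataLength was checked in OpenSSL`, names a parameter that does not exist in this function; the guarded value is `DataSize`, as the condition `if (Data == NULL && DataSize != 0)` shows. Suggest `// Reject a NULL Data buffer with a non-zero DataSize, since only the length is checked in OpenSSL.` so the comment and the check agree. The same comment text appears in the Md5Update hunk (CryptMd5.c) and the Sha1Update hunk (CryptSha1.c) further down.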
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -39,7 +39,7 @@ Md5GetContextSize ( Initializes user-supplied memory pointed by Md5Context as MD5 hash context for subsequent use. - If Md5Context is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. @param[out] Md5Context Pointer to MD5 context being initialized. @@ -54,9 +54,11 @@ Md5Init ( ) { // - // ASSERT if Md5Context is NULL. + // Check input parameters. // - ASSERT (Md5Context != NULL); + if ((Md5Context == NULL)) { + return FALSE; + } // // OpenSSL MD5 Context Initialization @@ -67,8 +69,8 @@ Md5Init ( /** Makes a copy of an existing MD5 context. - If Md5Context is NULL, then ASSERT(). - If NewMd5Context is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. + If NewMd5Context is NULL, then return FALSE. @param[in] Md5Context Pointer to MD5 context being copied. @param[out] NewMd5Context Pointer to new MD5 context. @@ -85,10 +87,11 @@ Md5Duplicate ( ) { // - // ASSERT if Md5Context or NewMd5Context is NULL. + // Check input parameters. // - ASSERT (Md5Context != NULL); - ASSERT (NewMd5Context != NULL); + if (Md5Context == NULL || NewMd5Context == NULL) { + return FALSE; + } CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX)); @@ -103,7 +106,7 @@ Md5Duplicate ( MD5 context should be already correctly intialized by Md5Init(), and should not be finalized by Md5Final(). Behavior with invalid context is undefined. - If Md5Context is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. @param[in, out] Md5Context Pointer to the MD5 context. @param[in] Data Pointer to the buffer containing the data to be hashed. 
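Review bot: `if ((Md5Context == NULL)) {` in Md5Init carries a redundant pair of parentheses, which differs from the identical check written as `if (Md4Context == NULL) {` in CryptMd4.c and `if (Sha1Context == NULL) {` in CryptSha1.c within this same commit. Suggest `if (Md5Context == NULL) {` for consistency across the hash wrappers. The same stray parentheses appear as `(DataSize != 0)` in the Md5Update hunk that follows.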
@@ -122,15 +125,17 @@ Md5Update ( ) { // - // ASSERT if Md5Context is NULL + // Check input parameters. // - ASSERT (Md5Context != NULL); + if (Md5Context == NULL) { + return FALSE; + } // - // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // Check invalid parameters, in case that only DataLength was checked in OpenSSL // - if (Data == NULL) { - ASSERT (DataSize == 0); + if (Data == NULL && (DataSize != 0)) { + return FALSE; } // @@ -148,8 +153,8 @@ Md5Update ( MD5 context should be already correctly intialized by Md5Init(), and should not be finalized by Md5Final(). Behavior with invalid MD5 context is undefined. - If Md5Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Md5Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Md5Context Pointer to the MD5 context. @param[out] HashValue Pointer to a buffer that receives the MD5 digest @@ -167,10 +172,11 @@ Md5Final ( ) { // - // ASSERT if Md5Context is NULL or HashValue is NULL + // Check input parameters. // - ASSERT (Md5Context != NULL); - ASSERT (HashValue != NULL); + if (Md5Context == NULL || HashValue == NULL) { + return FALSE; + } // // OpenSSL MD5 Hash Finalization diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c index 27526bcd40..633028b64e 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c @@ -1,7 +1,7 @@ /** @file SHA-1 Digest Wrapper Implementation over OpenSSL. -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -38,7 +38,7 @@ Sha1GetContextSize ( Initializes user-supplied memory pointed by Sha1Context as SHA-1 hash context for subsequent use. - If Sha1Context is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. @param[out] Sha1Context Pointer to SHA-1 context being initialized. @@ -53,9 +53,11 @@ Sha1Init ( ) { // - // ASSERT if Sha1Context is NULL + // Check input parameters. // - ASSERT (Sha1Context != NULL); + if (Sha1Context == NULL) { + return FALSE; + } // // OpenSSL SHA-1 Context Initialization @@ -66,8 +68,8 @@ Sha1Init ( /** Makes a copy of an existing SHA-1 context. - If Sha1Context is NULL, then ASSERT(). - If NewSha1Context is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. + If NewSha1Context is NULL, then return FALSE. @param[in] Sha1Context Pointer to SHA-1 context being copied. @param[out] NewSha1Context Pointer to new SHA-1 context. @@ -84,10 +86,11 @@ Sha1Duplicate ( ) { // - // ASSERT if Sha1Context or NewSha1Context is NULL. + // Check input parameters. // - ASSERT (Sha1Context != NULL); - ASSERT (NewSha1Context != NULL); + if (Sha1Context == NULL || NewSha1Context == NULL) { + return FALSE; + } CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX)); @@ -102,7 +105,7 @@ Sha1Duplicate ( SHA-1 context should be already correctly intialized by Sha1Init(), and should not be finalized by Sha1Final(). Behavior with invalid context is undefined. - If Sha1Context is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. @param[in, out] Sha1Context Pointer to the SHA-1 context. @param[in] Data Pointer to the buffer containing the data to be hashed. 
@@ -121,15 +124,17 @@ Sha1Update ( ) { // - // ASSERT if Sha1Context is NULL + // Check input parameters. // - ASSERT (Sha1Context != NULL); + if (Sha1Context == NULL) { + return FALSE; + } // - // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // Check invalid parameters, in case that only DataLength was checked in OpenSSL // - if (Data == NULL) { - ASSERT (DataSize == 0); + if (Data == NULL && DataSize != 0) { + return FALSE; } // @@ -147,8 +152,8 @@ Sha1Update ( SHA-1 context should be already correctly intialized by Sha1Init(), and should not be finalized by Sha1Final(). Behavior with invalid SHA-1 context is undefined. - If Sha1Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha1Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha1Context Pointer to the SHA-1 context. @param[out] HashValue Pointer to a buffer that receives the SHA-1 digest @@ -166,10 +171,11 @@ Sha1Final ( ) { // - // ASSERT if Sha1Context is NULL or HashValue is NULL + // Check input parameters. // - ASSERT (Sha1Context != NULL); - ASSERT (HashValue != NULL); + if (Sha1Context == NULL || HashValue == NULL) { + return FALSE; + } // // OpenSSL SHA-1 Hash Finalization diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c index 3c2f9a1155..ca0cb1aa8c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c @@ -1,7 +1,7 @@ /** @file SHA-256 Digest Wrapper Implementation over OpenSSL. -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -37,7 +37,7 @@ Sha256GetContextSize ( Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for subsequent use. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[out] Sha256Context Pointer to SHA-256 context being initialized. @@ -52,9 +52,11 @@ Sha256Init ( ) { // - // ASSERT if Sha256Context is NULL + // Check input parameters. // - ASSERT (Sha256Context != NULL); + if (Sha256Context == NULL) { + return FALSE; + } // // OpenSSL SHA-256 Context Initialization @@ -65,8 +67,8 @@ Sha256Init ( /** Makes a copy of an existing SHA-256 context. - If Sha256Context is NULL, then ASSERT(). - If NewSha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If NewSha256Context is NULL, then return FALSE. @param[in] Sha256Context Pointer to SHA-256 context being copied. @param[out] NewSha256Context Pointer to new SHA-256 context. @@ -83,10 +85,11 @@ Sha256Duplicate ( ) { // - // ASSERT if Sha256Context or NewSha256Context is NULL. + // Check input parameters. // - ASSERT (Sha256Context != NULL); - ASSERT (NewSha256Context != NULL); + if (Sha256Context == NULL || NewSha256Context == NULL) { + return FALSE; + } CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX)); @@ -101,7 +104,7 @@ Sha256Duplicate ( SHA-256 context should be already correctly intialized by Sha256Init(), and should not be finalized by Sha256Final(). Behavior with invalid context is undefined. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[in] Data Pointer to the buffer containing the data to be hashed. 
@@ -120,15 +123,17 @@ Sha256Update ( ) { // - // ASSERT if Sha256Context is NULL + // Check input parameters. // - ASSERT (Sha256Context != NULL); + if (Sha256Context == NULL) { + return FALSE; + } // - // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // Check invalid parameters, in case that only DataLength was checked in OpenSSL // - if (Data == NULL) { - ASSERT (DataSize == 0); + if (Data == NULL && DataSize != 0) { + return FALSE; } // @@ -146,8 +151,8 @@ Sha256Update ( SHA-256 context should be already correctly intialized by Sha256Init(), and should not be finalized by Sha256Final(). Behavior with invalid SHA-256 context is undefined. - If Sha256Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest @@ -165,10 +170,11 @@ Sha256Final ( ) { // - // ASSERT if Sha256Context is NULL or HashValue is NULL + // Check input parameters. // - ASSERT (Sha256Context != NULL); - ASSERT (HashValue != NULL); + if (Sha256Context == NULL || HashValue == NULL) { + return FALSE; + } // // OpenSSL SHA-256 Hash Finalization diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c index 5386072c38..0cdab7ac11 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c +++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5.c @@ -1,7 +1,7 @@ /** @file HMAC-MD5 Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -37,7 +37,7 @@ HmacMd5GetContextSize ( Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for subsequent use. - If HmacMd5Context is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. @param[out] HmacMd5Context Pointer to HMAC-MD5 context being initialized. @param[in] Key Pointer to the user-supplied key. @@ -56,9 +56,11 @@ HmacMd5Init ( ) { // - // ASSERT if HmacMd5Context is NULL. + // Check input parameters. // - ASSERT (HmacMd5Context != NULL); + if (HmacMd5Context == NULL) { + return FALSE; + } // // OpenSSL HMAC-MD5 Context Initialization @@ -72,8 +74,8 @@ HmacMd5Init ( /** Makes a copy of an existing HMAC-MD5 context. - If HmacMd5Context is NULL, then ASSERT(). - If NewHmacMd5Context is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. + If NewHmacMd5Context is NULL, then return FALSE. @param[in] HmacMd5Context Pointer to HMAC-MD5 context being copied. @param[out] NewHmacMd5Context Pointer to new HMAC-MD5 context. @@ -90,10 +92,11 @@ HmacMd5Duplicate ( ) { // - // ASSERT if HmacMd5Context or NewHmacMd5Context is NULL. + // Check input parameters. // - ASSERT (HmacMd5Context != NULL); - ASSERT (NewHmacMd5Context != NULL); + if (HmacMd5Context == NULL || NewHmacMd5Context == NULL) { + return FALSE; + } CopyMem (NewHmacMd5Context, HmacMd5Context, sizeof (HMAC_CTX)); 
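Review bot: HmacMd5Init now rejects a NULL context but still forwards Key and its length to the OpenSSL initialization below the hunk without the NULL-versus-length consistency check that HmacMd5Update applies to Data/DataSize, so a NULL Key with a non-zero length would reach OpenSSL unchecked. Assuming the length parameter is named KeySize (only the `@param[in] Key` line is visible), consider widening the guard to `if (HmacMd5Context == NULL || (Key == NULL && KeySize != 0)) {`. The HMAC initialization call itself is outside the hunk, so whether OpenSSL tolerates that combination cannot be confirmed from here.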
@@ -108,7 +111,7 @@ HmacMd5Duplicate ( HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be finalized by HmacMd5Final(). Behavior with invalid context is undefined. - If HmacMd5Context is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[in] Data Pointer to the buffer containing the data to be digested. @@ -127,15 +130,17 @@ HmacMd5Update ( ) { // - // ASSERT if HmacMd5Context is NULL + // Check input parameters. // - ASSERT (HmacMd5Context != NULL); + if (HmacMd5Context == NULL) { + return FALSE; + } // - // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // Check invalid parameters, in case that only DataLength was checked in OpenSSL // - if (Data == NULL) { - ASSERT (DataSize == 0); + if (Data == NULL && DataSize != 0) { + return FALSE; } // @@ -155,8 +160,8 @@ HmacMd5Update ( HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. - If HmacMd5Context is NULL, then ASSERT(). - If HmacValue is NULL, then ASSERT(). + If HmacMd5Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest @@ -176,10 +181,11 @@ HmacMd5Final ( UINT32 Length; // - // ASSERT if HmacMd5Context is NULL or HmacValue is NULL + // Check input parameters. // - ASSERT (HmacMd5Context != NULL); - ASSERT (HmacValue != NULL); + if (HmacMd5Context == NULL || HmacValue == NULL) { + return FALSE; + } // // OpenSSL HMAC-MD5 digest finalization diff --git a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c index ff9377c0d2..58da2f3aec 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c 
+++ b/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1.c @@ -1,7 +1,7 @@ /** @file HMAC-SHA1 Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -37,7 +37,7 @@ HmacSha1GetContextSize ( Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for subsequent use. - If HmacSha1Context is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. @param[out] HmacSha1Context Pointer to HMAC-SHA1 context being initialized. @param[in] Key Pointer to the user-supplied key. @@ -56,9 +56,11 @@ HmacSha1Init ( ) { // - // ASSERT if HmacSha1Context is NULL. + // Check input parameters. // - ASSERT (HmacSha1Context != NULL); + if (HmacSha1Context == NULL) { + return FALSE; + } // // OpenSSL HMAC-SHA1 Context Initialization @@ -72,8 +74,8 @@ HmacSha1Init ( /** Makes a copy of an existing HMAC-SHA1 context. - If HmacSha1Context is NULL, then ASSERT(). - If NewHmacSha1Context is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. + If NewHmacSha1Context is NULL, then return FALSE. @param[in] HmacSha1Context Pointer to HMAC-SHA1 context being copied. @param[out] NewHmacSha1Context Pointer to new HMAC-SHA1 context. @@ -90,10 +92,11 @@ HmacSha1Duplicate ( ) { // - // ASSERT if HmacSha1Context or NewHmacSha1Context is NULL. + // Check input parameters. // - ASSERT (HmacSha1Context != NULL); - ASSERT (NewHmacSha1Context != NULL); + if (HmacSha1Context == NULL || NewHmacSha1Context == NULL) { + return FALSE; + } CopyMem (NewHmacSha1Context, HmacSha1Context, sizeof (HMAC_CTX)); 
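Review bot: HmacSha1Init has the same gap as HmacMd5Init: the new guard covers only the context pointer, while Key and its length go on to OpenSSL without the NULL-versus-length check the Update wrapper applies to Data/DataSize. Assuming the length parameter is named KeySize, `if (HmacSha1Context == NULL || (Key == NULL && KeySize != 0)) {` would make the two HMAC entry points reject inconsistent key arguments the same way. The initialization call is below the visible lines.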
@@ -108,7 +111,7 @@ HmacSha1Duplicate ( HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not be finalized by HmacSha1Final(). Behavior with invalid context is undefined. - If HmacSha1Context is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. @param[in] Data Pointer to the buffer containing the data to be digested. @@ -127,15 +130,17 @@ HmacSha1Update ( ) { // - // ASSERT if HmacSha1Context is NULL + // Check input parameters. // - ASSERT (HmacSha1Context != NULL); + if (HmacSha1Context == NULL) { + return FALSE; + } // - // ASSERT if invalid parameters, in case that only DataLength was checked in OpenSSL + // Check invalid parameters, in case that only DataLength was checked in OpenSSL // - if (Data == NULL) { - ASSERT (DataSize == 0); + if (Data == NULL && DataSize != 0) { + return FALSE; } // @@ -155,8 +160,8 @@ HmacSha1Update ( HMAC-SHA1 context should be already correctly intialized by HmacSha1Init(), and should not be finalized by HmacSha1Final(). Behavior with invalid HMAC-SHA1 context is undefined. - If HmacSha1Context is NULL, then ASSERT(). - If HmacValue is NULL, then ASSERT(). + If HmacSha1Context is NULL, then return FALSE. + If HmacValue is NULL, then return FALSE. @param[in, out] HmacSha1Context Pointer to the HMAC-SHA1 context. @param[out] HmacValue Pointer to a buffer that receives the HMAC-SHA1 digest @@ -176,10 +181,11 @@ HmacSha1Final ( UINT32 Length; // - // ASSERT if HmacSha1Context is NULL or HmacValue is NULL + // Check input parameters. // - ASSERT (HmacSha1Context != NULL); - ASSERT (HmacValue != NULL); + if (HmacSha1Context == NULL || HmacValue == NULL) { + return FALSE; + } // // OpenSSL HMAC-SHA1 digest finalization diff --git a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c index 0b37adc33e..2c3a97b2c0 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c 
+++ b/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c @@ -1,7 +1,7 @@ /** @file PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -60,8 +60,8 @@ PasswordCallback ( RSA private key component. Use RsaFree() function to free the resource. - If PemData is NULL, then ASSERT(). - If RsaContext is NULL, then ASSERT(). + If PemData is NULL, then return FALSE. + If RsaContext is NULL, then return FALSE. @retval TRUE RSA Private Key was retrieved successfully. @retval FALSE Invalid PEM key data or incorrect password. @@ -80,11 +80,11 @@ RsaGetPrivateKeyFromPem ( BIO *PemBio; // - // ASSERT if PemData is NULL or RsaContext is NULL. + // Check input parameters. // - ASSERT (PemData != NULL); - ASSERT (RsaContext != NULL); - ASSERT (PemSize <= INT_MAX); + if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) { + return FALSE; + } Status = FALSE; PemBio = NULL; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c index 0321b20349..a1f8c58e74 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c @@ -1,7 +1,7 @@ /** @file Authenticode Portable Executable Signature Verification over OpenSSL. -Copyright (c) 2011, Intel Corporation. All rights reserved.
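Review bot: The new guard in RsaGetPrivateKeyFromPem also rejects `PemSize > INT_MAX`, but the rewritten doc block above it lists only the two NULL cases, so the documented contract is narrower than the code. Add `If PemSize is larger than INT_MAX, then return FALSE.` after the RsaContext line. The function body continues past the hunk.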
+Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -23,8 +23,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows Authenticode Portable Executable Signature Format". - If AuthData is NULL, then ASSERT(). - If ImageHash is NULL, then ASSERT(). + If AuthData is NULL, then return FALSE. + If ImageHash is NULL, then return FALSE. @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed PE/COFF image to be verified. @@ -60,11 +60,15 @@ AuthenticodeVerify ( UINTN ContentSize; // - // ASSERT if Authenticode Signature Data or PE Image Hash is NULL. + // Check input parameters. // - ASSERT (AuthData != NULL); - ASSERT (ImageHash != NULL); - ASSERT (DataSize <= INT_MAX); + if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) { + return FALSE; + } + + if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) { + return FALSE; + } Status = FALSE; Pkcs7 = NULL; @@ -96,6 +100,7 @@ AuthenticodeVerify ( // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent. // Asn1Byte = *(SpcIndirectDataContent + 1); + if ((Asn1Byte & 0x80) == 0) { // // Short Form of Length Encoding @@ -105,9 +110,9 @@ AuthenticodeVerify ( // Skip the SEQUENCE Tag; // SpcIndirectDataContent += 2; - } else { + } else if ((Asn1Byte & 0x82) == 0x82) { // - // Long Form of Length Encoding (Assume Only two bytes here) + // Long Form of Length Encoding, only support two bytes. // ContentSize = (UINTN) (*(SpcIndirectDataContent + 2)); ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3)); @@ -115,6 +120,8 @@ AuthenticodeVerify ( // Skip the SEQUENCE Tag; // SpcIndirectDataContent += 4; + } else { + goto _Exit; } // 
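Review bot: The long-form length test `else if ((Asn1Byte & 0x82) == 0x82)` in AuthenticodeVerify accepts any long-form length byte with bit 1 set (0x83, 0x86, 0x8A, ...), not just 0x82, yet the branch always reads exactly two length octets, so a three- or four-octet length would be decoded from the wrong bytes and the fixed `SpcIndirectDataContent += 4;` would land mid-structure. Since the comment states only the two-byte form is supported, the test should be an exact match: `} else if (Asn1Byte == 0x82) {`. The branch also reads SpcIndirectDataContent[1..3] with no visible check that those octets lie inside the PKCS#7 content buffer, so if the content length is available at this point the reads should be bounded before indexing. Separately, the new TrustedCert/CertSize/HashSize rejections are not reflected in the rewritten doc block, which still lists only AuthData and ImageHash. The function starts before and ends after these hunks.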
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c index b7e164cf43..20f13469b3 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c @@ -1,7 +1,7 @@ /** @file Diffie-Hellman Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -38,7 +38,7 @@ DhNew ( /** Release the specified DH context. - If DhContext is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. @param[in] DhContext Pointer to the DH context to be released. @@ -64,8 +64,8 @@ DhFree ( Before this function can be invoked, pseudorandom number generator must be correctly initialized by RandomSeed(). - If DhContext is NULL, then ASSERT(). - If Prime is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If Prime is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[in] Generator Value of generator. @@ -88,6 +88,13 @@ DhGenerateParameter ( { BOOLEAN RetVal; + // + // Check input parameters. + // + if (DhContext == NULL || Prime == NULL) { + return FALSE; + } + if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { return FALSE; } @@ -108,8 +115,8 @@ DhGenerateParameter ( Given generator g, and prime number p, this function and sets DH context accordingly. - If DhContext is NULL, then ASSERT(). - If Prime is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If Prime is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[in] Generator Value of generator. @@ -134,6 +141,13 @@ DhSetParameter ( { DH *Dh; + // + // Check input parameters. + // + if (DhContext == NULL || Prime == NULL) { + return FALSE; + } + if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) { return FALSE; } 
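Review bot: The rewritten DhFree doc now says `If DhContext is NULL, then return FALSE.`, but a release function with no return value cannot return FALSE; the X509Free and X509StackFree hunks in this same patch handle that case with a bare `return;`, and the DhFree body is not in the hunk, so its being VOID like those is inferred. If it is, the doc line should read `If DhContext is NULL, then do nothing.` and the code should carry the matching NULL check. The DhGenerateParameter and DhSetParameter guards below look consistent with the rest of the patch.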
@@ -156,9 +170,9 @@ DhSetParameter ( If the PublicKey buffer is too small to hold the public key, FALSE is returned and PublicKeySize is set to the required buffer size to obtain the public key. - If DhContext is NULL, then ASSERT(). - If PublicKeySize is NULL, then ASSERT(). - If PublicKeySize is large enough but PublicKey is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If PublicKeySize is NULL, then return FALSE. + If PublicKeySize is large enough but PublicKey is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[out] PublicKey Pointer to the buffer to receive generated public key. @@ -181,6 +195,17 @@ DhGenerateKey ( BOOLEAN RetVal; DH *Dh; + // + // Check input parameters. + // + if (DhContext == NULL || PublicKeySize == NULL) { + return FALSE; + } + + if (PublicKey == NULL && *PublicKeySize != 0) { + return FALSE; + } + Dh = (DH *) DhContext; *PublicKeySize = 0; @@ -199,10 +224,10 @@ DhGenerateKey ( Given peer's public key, this function computes the exchanged common key, based on its own context including value of prime modulus and random secret exponent. - If DhContext is NULL, then ASSERT(). - If PeerPublicKey is NULL, then ASSERT(). - If KeySize is NULL, then ASSERT(). - If KeySize is large enough but Key is NULL, then ASSERT(). + If DhContext is NULL, then return FALSE. + If PeerPublicKey is NULL, then return FALSE. + If KeySize is NULL, then return FALSE. + If KeySize is large enough but Key is NULL, then return FALSE. @param[in, out] DhContext Pointer to the DH context. @param[in] PeerPublicKey Pointer to the peer's public key. @@ -228,6 +253,17 @@ DhComputeKey ( { BIGNUM *Bn; + // + // Check input parameters. + // + if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) { + return FALSE; + } + + if (Key == NULL && *KeySize != 0) { + return FALSE; + } + Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL); *KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext); 
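Review bot: The new guard in DhComputeKey rejects `Key == NULL && *KeySize != 0` but lets `Key == NULL` with `*KeySize == 0` through to the context line `*KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);`, which writes the shared secret into Key unconditionally, and nothing compares *KeySize with the size OpenSSL will write. Unless the size-query behaviour the doc describes is implemented outside the hunk, a buffer smaller than the modulus is overrun; a guard in the style of RsaGetKey, `if (Key == NULL || *KeySize < (UINTN) DH_size ((DH *) DhContext)) { *KeySize = (UINTN) DH_size ((DH *) DhContext); return FALSE; }`, placed before BN_bin2bn would close both holes. The same context line narrows DH_compute_key's result through a `(BOOLEAN)` cast, so *KeySize cannot report the real length, and the BN_bin2bn result is not checked for NULL; both predate this commit but are worth fixing while the guards are being reworked. The function continues past the hunk.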
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c index 83f0dfcd5a..1617642323 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c @@ -1,7 +1,7 @@ /** @file PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -150,13 +150,10 @@ Pkcs7Sign ( // // Check input parameters. // - ASSERT (PrivateKey != NULL); - ASSERT (KeyPassword != NULL); - ASSERT (InData != NULL); - ASSERT (SignCert != NULL); - ASSERT (SignedData != NULL); - ASSERT (SignedDataSize != NULL); - ASSERT (InDataSize <= INT_MAX); + if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL || + SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) { + return FALSE; + } RsaContext = NULL; Key = NULL; @@ -285,7 +282,8 @@ _Exit: Cryptographic Message Syntax Standard". The input signed data could be wrapped in a ContentInfo structure. - If P7Data is NULL, then ASSERT(). + If P7Data, TrustedCert or InData is NULL, then return FALSE. + If P7Length, CertLength or DataLength overflow, then return FAlSE. @param[in] P7Data Pointer to the PKCS#7 message to verify. @param[in] P7Length Length of the PKCS#7 message in bytes. @@ -322,15 +320,13 @@ Pkcs7Verify ( BOOLEAN Wrapped; // - // ASSERT if any input parameter is invalid. + // Check input parameters. // - ASSERT (P7Data != NULL); - ASSERT (TrustedCert != NULL); - ASSERT (InData != NULL); - ASSERT (P7Length <= INT_MAX); - ASSERT (CertLength <= INT_MAX); - ASSERT (DataLength <= INT_MAX); - + if (P7Data == NULL || TrustedCert == NULL || InData == NULL || + P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) { + return FALSE; + } + Status = FALSE; Pkcs7 = NULL; CertBio = NULL; diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c index 0b561c3580..048335318a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsa.c 
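Review bot: The new Pkcs7Verify doc line `If P7Length, CertLength or DataLength overflow, then return FAlSE.` has a typo in FALSE and says "overflow" where the guard below actually tests `> INT_MAX`. Suggest `If P7Length, CertLength or DataLength is larger than INT_MAX, then return FALSE.` so the doc matches the code. Pkcs7Sign's doc block, whose code gains the same `InDataSize > INT_MAX` rejection in this patch, is not in the hunk, so whether it was updated cannot be seen from here.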
@@ -1,7 +1,7 @@ /** @file RSA Asymmetric Cipher Wrapper Implementation over OpenSSL. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -60,7 +60,7 @@ RsaNew ( /** Release the specified RSA context. - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in] RsaContext Pointer to the RSA context to be released. @@ -71,8 +71,6 @@ RsaFree ( IN VOID *RsaContext ) { - ASSERT (RsaContext != NULL); - // // Free OpenSSL RSA Context // @@ -87,7 +85,7 @@ RsaFree ( represented in RSA PKCS#1). If BigNumber is NULL, then the specified key componenet in RSA context is cleared. - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. @@ -113,10 +111,11 @@ RsaSetKey ( RSA *RsaKey; // - // ASSERT if RsaContext is NULL + // Check input parameters. // - ASSERT (RsaContext != NULL); - + if (RsaContext == NULL) { + return FALSE; + } RsaKey = (RSA *)RsaContext; // @@ -256,9 +255,9 @@ RsaSetKey ( If the BigNumber buffer is too small to hold the contents of the key, FALSE is returned and BnSize is set to the required buffer size to obtain the key. - If RsaContext is NULL, then ASSERT(). - If BnSize is NULL, then ASSERT(). - If BnSize is large enough but BigNumber is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If BnSize is NULL, then return FALSE. + If BnSize is large enough but BigNumber is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. @@ -284,8 +283,12 @@ RsaGetKey ( BIGNUM *BnKey; UINTN Size; - ASSERT (RsaContext != NULL); - ASSERT (BnSize != NULL); + // + // Check input parameters. + // + if (RsaContext == NULL || BnSize == NULL) { + return FALSE; + } RsaKey = (RSA *) RsaContext; Size = *BnSize; 
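Review bot: RsaFree drops its `ASSERT (RsaContext != NULL)` without adding a replacement check, while its rewritten doc promises `If RsaContext is NULL, then return FALSE.`; if RsaFree has no return value (the X509Free hunk in this patch handles the same case with a bare `return;`), that promise cannot be kept. Either add `if (RsaContext == NULL) { return; }` ahead of the free for symmetry with X509Free, or word the doc as `If RsaContext is NULL, then do nothing.` and state that the code relies on the OpenSSL free call accepting NULL. The free call itself is below the visible lines.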
@@ -385,7 +388,9 @@ RsaGetKey ( return FALSE; } - ASSERT (BigNumber != NULL); + if (BigNumber == NULL) { + return FALSE; + } *BnSize = BN_bn2bin (BnKey, BigNumber) ; return TRUE; @@ -401,7 +406,7 @@ RsaGetKey ( Before this function can be invoked, pseudorandom number generator must be correctly initialized by RandomSeed(). - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] ModulusLength Length of RSA modulus N in bits. @@ -424,8 +429,13 @@ RsaGenerateKey ( BIGNUM *KeyE; BOOLEAN RetVal; - ASSERT (RsaContext != NULL); - + // + // Check input parameters. + // + if (RsaContext == NULL) { + return FALSE; + } + KeyE = BN_new (); if (PublicExponent == NULL) { BN_set_word (KeyE, 0x10001); @@ -451,7 +461,7 @@ RsaGenerateKey ( - Whether n = p * q - Whether d*e = 1 mod lcm(p-1,q-1) - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in] RsaContext Pointer to RSA context to check. @@ -467,8 +477,13 @@ RsaCheckKey ( { UINTN Reason; - ASSERT (RsaContext != NULL); - + // + // Check input parameters. + // + if (RsaContext == NULL) { + return FALSE; + } + if (RSA_check_key ((RSA *) RsaContext) != 1) { Reason = ERR_GET_REASON (ERR_peek_last_error ()); if (Reason == RSA_R_P_NOT_PRIME || @@ -502,8 +517,12 @@ DigestInfoEncoding ( CONST UINT8 *HashDer; UINTN DerSize; - ASSERT (Message != NULL); - ASSERT (DigestInfo != NULL); + // + // Check input parameters. + // + if (Message == NULL || DigestInfo == NULL) { + return FALSE; + } // // The original message length is used to determine the hash algorithm since 
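Review bot: DigestInfoEncoding's new guard returns `FALSE` for a NULL Message or DigestInfo, but its result is consumed as a length — RsaPkcs1Sign later does `Size = DigestInfoEncoding (MessageHash, HashSize, Signature);` — so the function presumably returns UINTN, where `return 0;` states the intent (no bytes encoded) more honestly than a BOOLEAN constant. The function body and its unsupported-length path are outside the hunk, so the existing failure value cannot be confirmed here; if it is 0, matching it keeps the failure cases uniform. The RsaGenerateKey hunk above also leaves the context-line `KeyE = BN_new ();` unchecked before `BN_set_word`, which predates this patch but sits next to the new guard.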
@@ -543,10 +562,10 @@ DigestInfoEncoding ( If the Signature buffer is too small to hold the contents of signature, FALSE is returned and SigSize is set to the required buffer size to obtain the signature. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). - If SigSize is large enough but Signature is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature generation. @param[in] MessageHash Pointer to octet message hash to be signed. @@ -574,11 +593,13 @@ RsaPkcs1Sign ( UINTN Size; INTN ReturnVal; - ASSERT (RsaContext != NULL); - ASSERT (MessageHash != NULL); - ASSERT ((HashSize == MD5_DIGEST_SIZE) || - (HashSize == SHA1_DIGEST_SIZE) || - (HashSize == SHA256_DIGEST_SIZE)); + // + // Check input parameters. + // + if (RsaContext == NULL || MessageHash == NULL || + (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE)) { + return FALSE; + } Rsa = (RSA *) RsaContext; Size = BN_num_bytes (Rsa->n); @@ -588,7 +609,9 @@ RsaPkcs1Sign ( return FALSE; } - ASSERT (Signature != NULL); + if (Signature == NULL) { + return FALSE; + } Size = DigestInfoEncoding (MessageHash, HashSize, Signature); 
@@ -612,10 +635,10 @@ RsaPkcs1Sign ( Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in RSA PKCS#1. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If Signature is NULL, then ASSERT(). - If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. @@ -640,19 +663,21 @@ RsaPkcs1Verify ( INTN Length; // - // ASSERT if RsaContext, MessageHash or Signature is NULL + // Check input parameters. // - ASSERT (RsaContext != NULL); - ASSERT (MessageHash != NULL); - ASSERT (Signature != NULL); + if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) { + return FALSE; + } + // - // ASSERT if unsupported hash size: + // Check for unsupported hash size: // Only MD5, SHA-1 or SHA-256 digest size is supported // - ASSERT ((HashSize == MD5_DIGEST_SIZE) || (HashSize == SHA1_DIGEST_SIZE) || - (HashSize == SHA256_DIGEST_SIZE)); - + if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) { + return FALSE; + } + // // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key // diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 3a5485e002..153e710617 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -1,7 +1,7 @@ /** @file X.509 Certificate Handler Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -19,8 +19,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /** Construct a X509 object from DER-encoded certificate data. - If Cert is NULL, then ASSERT(). - If SingleX509Cert is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If SingleX509Cert is NULL, then return FALSE. @param[in] Cert Pointer to the DER-encoded certificate data. @param[in] CertSize The size of certificate data in bytes. @@ -43,11 +43,11 @@ X509ConstructCertificate ( BOOLEAN Status; // - // ASSERT if Cert is NULL or SingleX509Cert is NULL. + // Check input parameters. // - ASSERT (Cert != NULL); - ASSERT (SingleX509Cert != NULL); - ASSERT (CertSize <= INT_MAX); + if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) { + return FALSE; + } Status = FALSE; @@ -79,7 +79,7 @@ _Exit: /** Construct a X509 stack object from a list of DER-encoded certificate data. - If X509Stack is NULL, then ASSERT(). + If X509Stack is NULL, then return FALSE. @param[in, out] X509Stack On input, pointer to an existing X509 stack object. On output, pointer to the X509 stack object with new @@ -108,9 +108,11 @@ X509ConstructCertificateStack ( UINTN Index; // - // ASSERT if input X509Stack is NULL. + // Check input parameters. // - ASSERT (X509Stack != NULL); + if (X509Stack == NULL) { + return FALSE; + } Status = FALSE; @@ -171,7 +173,7 @@ X509ConstructCertificateStack ( /** Release the specified X509 object. - If X509Cert is NULL, then ASSERT(). + If X509Cert is NULL, then return FALSE. @param[in] X509Cert Pointer to the X509 object to be released. @@ -181,9 +183,14 @@ EFIAPI X509Free ( IN VOID *X509Cert ) -{ - ASSERT (X509Cert != NULL); - +{ + // + // Check input parameters. + // + if (X509Cert == NULL) { + return; + } + // // Free OpenSSL X509 object. // 
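Review bot: X509Free's rewritten doc says `If X509Cert is NULL, then return FALSE.` while the new code does `return;`, so the comment promises a value the function does not produce. Suggest `If X509Cert is NULL, then do nothing.` The X509ConstructCertificate and X509ConstructCertificateStack guards above look consistent with the rest of the patch.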
@@ -193,7 +200,7 @@ X509Free ( /** Release the specified X509 stack object. - If X509Stack is NULL, then ASSERT(). + If X509Stack is NULL, then return FALSE. @param[in] X509Stack Pointer to the X509 stack object to be released. @@ -204,8 +211,13 @@ X509StackFree ( IN VOID *X509Stack ) { - ASSERT (X509Stack != NULL); - + // + // Check input parameters. + // + if (X509Stack == NULL) { + return; + } + // // Free OpenSSL X509 stack object. // @@ -221,8 +233,8 @@ X509StackFree ( @param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input, and the size of buffer returned CertSubject on output. - If Cert is NULL, then ASSERT(). - If SubjectSize is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If SubjectSize is NULL, then return FALSE. @retval TRUE The certificate subject retrieved successfully. @retval FALSE Invalid certificate, or the SubjectSize is too small for the result. @@ -243,10 +255,11 @@ X509GetSubjectName ( X509_NAME *X509Name; // - // ASSERT if Cert is NULL or SubjectSize is NULL. + // Check input parameters. // - ASSERT (Cert != NULL); - ASSERT (SubjectSize != NULL); + if (Cert == NULL || SubjectSize == NULL) { + return FALSE; + } Status = FALSE; X509Cert = NULL; @@ -291,8 +304,8 @@ _Exit: RSA public key component. Use RsaFree() function to free the resource. - If Cert is NULL, then ASSERT(). - If RsaContext is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If RsaContext is NULL, then return FALSE. @retval TRUE RSA Public Key was retrieved successfully. @retval FALSE Fail to retrieve RSA public key from X509 certificate. @@ -309,12 +322,13 @@ RsaGetPublicKeyFromX509 ( BOOLEAN Status; EVP_PKEY *Pkey; X509 *X509Cert; - + // - // ASSERT if Cert is NULL or RsaContext is NULL. + // Check input parameters. // - ASSERT (Cert != NULL); - ASSERT (RsaContext != NULL); + if (Cert == NULL || RsaContext == NULL) { + return FALSE; + } Status = FALSE; Pkey = NULL; 
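Review bot: The parameter check added to X509GetSubjectName in `@@ -243,10 +255,11 @@` rejects only NULL pointers, whereas X509ConstructCertificate in the same file (`@@ -43,11 +43,11 @@`) also rejects `CertSize > INT_MAX` before the length reaches OpenSSL's int-sized argument. RsaGetPublicKeyFromX509 (`@@ -309,12 +322,13 @@`) and X509VerifyCert (`@@ -383,12 +397,13 @@`) follow the same NULL-only pattern. If these bodies obtain their X509 object through X509ConstructCertificate the bound is enforced there and only the description needs to say so; otherwise the condition should read `if (Cert == NULL || SubjectSize == NULL || CertSize > INT_MAX) {` here, with the equivalent in the other two. The remainder of each function body is outside its hunk.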
@@ -361,8 +375,8 @@ _Exit: @param[in] CACert Pointer to the DER-encoded trusted CA certificate. @param[in] CACertSize Size of the CA Certificate in bytes. - If Cert is NULL, then ASSERT(). - If CACert is NULL, then ASSERT(). + If Cert is NULL, then return FALSE. + If CACert is NULL, then return FALSE. @retval TRUE The certificate was issued by the trusted CA. @retval FALSE Invalid certificate or the certificate was not issued by the given @@ -383,12 +397,13 @@ X509VerifyCert ( X509 *X509CACert; X509_STORE *CertStore; X509_STORE_CTX CertCtx; - + // - // ASSERT if Cert is NULL or CACert is NULL. + // Check input parameters. // - ASSERT (Cert != NULL); - ASSERT (CACert != NULL); + if (Cert == NULL || CACert == NULL) { + return FALSE; + } Status = FALSE; X509Cert = NULL; diff --git a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c index 3ead6d1906..4b275951e8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c +++ b/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c @@ -1,7 +1,7 @@ /** @file Pseudorandom Number Generator Wrapper Implementation over OpenSSL. -Copyright (c) 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -59,7 +59,7 @@ RandomSeed ( /** Generates a pseudorandom byte stream of the specified size. - If Output is NULL, then ASSERT(). + If Output is NULL, then return FALSE. @param[out] Output Pointer to buffer to receive random value. @param[in] Size Size of randome bytes to generate. @@ -75,7 +75,12 @@ RandomBytes ( IN UINTN Size ) { - ASSERT (Output != NULL); + // + // Check input parameters. + // + if (Output == NULL) { + return FALSE; + } // // Generate random data. diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c index 7f893b91df..2a1da855c6 100644 --- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c @@ -1,7 +1,7 @@ /** @file Implementation of The runtime cryptographic library instance (for IPF). -Copyright (c) 2010, Intel Corporation. All rights reserved.
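Review bot: RandomBytes in `@@ -75,7 +75,12 @@` now rejects a NULL Output but leaves `Size`, a UINTN, unchecked, while X509ConstructCertificate elsewhere in this patch bounds its size by `INT_MAX` before handing it to OpenSSL. If the generator call that follows `// Generate random data.` takes an int length, the same guard belongs here: `if (Output == NULL || Size > INT_MAX) {`. The call itself, and whether a Size of 0 is handled, is outside the hunk.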
+Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -195,7 +195,7 @@ Sha256GetContextSize ( Initializes user-supplied memory pointed by Sha256Context as SHA-256 hash context for subsequent use. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 Context being initialized. @@ -221,7 +221,7 @@ Sha256Init ( Performs SHA-256 digest on a data buffer of the specified length. This function can be called multiple times to compute the digest of long or discontinuous data streams. - If Sha256Context is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to the SHA-256 context. @param[in] Data Pointer to the buffer containing the data to be hashed. @@ -251,8 +251,8 @@ Sha256Update ( Completes SHA-256 hash computation and retrieves the digest value into the specified memory. After this function has been called, the SHA-256 context cannot be used again. - If Sha256Context is NULL, then ASSERT(). - If HashValue is NULL, then ASSERT(). + If Sha256Context is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. @param[in, out] Sha256Context Pointer to SHA-256 context @param[out] HashValue Pointer to a buffer that receives the SHA-256 digest @@ -320,7 +320,7 @@ RsaFree ( the user-specified nonnegative integer (octet string format represented in RSA PKCS#1). - If RsaContext is NULL, then ASSERT(). + If RsaContext is NULL, then return FALSE. @param[in, out] RsaContext Pointer to RSA context being set. @param[in] KeyTag Tag of RSA key component being set. 
@@ -351,10 +351,10 @@ RsaSetKey ( Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in RSA PKCS#1. - If RsaContext is NULL, then ASSERT(). - If MessageHash is NULL, then ASSERT(). - If Signature is NULL, then ASSERT(). - If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT(). + If RsaContext is NULL, then return FALSE. + If MessageHash is NULL, then return FALSE. + If Signature is NULL, then return FALSE. + If HashLength is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE. @param[in] RsaContext Pointer to RSA context for signature verification. @param[in] MessageHash Pointer to octet message hash to be checked. -- 2.39.2
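Review bot: The hunks in RuntimeDxeIpfCryptLib.c (`@@ -195,7 +195,7 @@` through `@@ -351,10 +351,10 @@`) change only descriptions, now promising `return FALSE` for NULL arguments and, in the last one, for an unsupported HashLength, yet no code in this file is touched by the patch. Judging from the library path this instance appears to delegate to the runtime crypto protocol, so the promise holds only if the wrapper or the protocol implementation actually performs those checks. Worth confirming against the function bodies, which are outside these hunks, before the description is relied on as the contract.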