From 668621362fa4f0ca87fda5b9abba4fc49bac291b Mon Sep 17 00:00:00 2001 From: Michael D Kinney Date: Wed, 20 Nov 2019 17:14:16 -0800 Subject: [PATCH] CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV(). https://bugzilla.tianocore.org/show_bug.cgi?id=2420 Add X509ConstructCertificateStackV() to BaseCryptLib that is identical in behavior to X509ConstructCertificateStack(), but it takes a VA_LIST parameter for the variable argument list. The VA_LIST form of this function is required for BaseCryptLib functions to be wrapped in a Protocol/PPI. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Michael D Kinney Reviewed-by: Jian J Wang --- CryptoPkg/Include/Library/BaseCryptLib.h | 26 ++++++++++ CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 50 +++++++++++++++---- .../Library/BaseCryptLib/Pk/CryptX509Null.c | 32 +++++++++++- .../BaseCryptLibNull/Pk/CryptX509Null.c | 32 +++++++++++- 4 files changed, 128 insertions(+), 12 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 8320fddc4c..5e8f2e0a10 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2371,6 +2371,32 @@ X509ConstructCertificate ( OUT UINT8 **SingleX509Cert ); +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args + ); + /** Construct a X509 stack object from a list of DER-encoded certificate data. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 9b5579e71a..b1393a89c5 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -1,7 +1,7 @@ /** @file X.509 Certificate Handler Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
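Review bot: The `@param[in] Args` text added for X509ConstructCertificateStackV() names neither the argument types nor the owner of the VA_LIST, and both matter once the function is reached through a Protocol/PPI as the commit message intends. The comment only says "certificate data followed by certificate size"; if the implementation reads each pair as a `UINT8 *` followed by a `UINTN` (the body is not in this hunk, so confirm), a caller that passes a 32-bit size on a 64-bit build gives the DER parser a wrong length. I would add to the parameter description: `Each pair is (UINT8 *Cert, UINTN CertSize). The caller owns VA_START()/VA_END() and must not read from Args again after this call returns.` The same comment block is repeated above the definitions in CryptX509.c and in both CryptX509Null.c files.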
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -60,23 +60,26 @@ X509ConstructCertificate ( Construct a X509 stack object from a list of DER-encoded certificate data. If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate. - @param ... A list of DER-encoded single certificate data followed + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed by certificate size. A NULL terminates the list. The pairs are the arguments to X509ConstructCertificate(). @retval TRUE The X509 stack construction succeeded. @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. **/ BOOLEAN EFIAPI -X509ConstructCertificateStack ( - IN OUT UINT8 **X509Stack, - ... +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args ) { UINT8 *Cert; @@ -84,7 +87,6 @@ X509ConstructCertificateStack ( X509 *X509Cert; STACK_OF(X509) *CertStack; BOOLEAN Status; - VA_LIST Args; UINTN Index; // @@ -107,8 +109,6 @@ X509ConstructCertificateStack ( } } - VA_START (Args, X509Stack); - for (Index = 0; ; Index++) { // // If Cert is NULL, then it is the end of the list. @@ -145,8 +145,6 @@ X509ConstructCertificateStack ( sk_X509_push (CertStack, X509Cert); } - VA_END (Args); - if (!Status) { sk_X509_pop_free (CertStack, X509_free); } else { 
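Review bot: The result of `sk_X509_push (CertStack, X509Cert)` is ignored in the loop of X509ConstructCertificateStackV() (context lines of the `@@ -145,8 +145,6 @@` hunk), so a failed push leaks X509Cert and leaves Status unchanged, and the caller can be told the stack was built while a certificate is missing from it. Since this body now serves both the variadic wrapper and the planned Protocol/PPI, I would check the call: `if (sk_X509_push (CertStack, X509Cert) == 0) { X509_free (X509Cert); Status = FALSE; break; }`. Separately, the failure path runs `sk_X509_pop_free (CertStack, X509_free)`; if CertStack came from a caller-supplied `*X509Stack`, which the parameter comment allows but whose initialisation is outside these hunks, the caller keeps a pointer to freed memory. Either set `*X509Stack = NULL` on that path or document that the input stack is consumed on failure. The function starts before and ends after the lines shown here.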
@@ -156,6 +154,38 @@ X509ConstructCertificateStack ( return Status; } +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param ... A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStack ( + IN OUT UINT8 **X509Stack, + ... + ) +{ + VA_LIST Args; + BOOLEAN Result; + + VA_START (Args, X509Stack); + Result = X509ConstructCertificateStackV (X509Stack, Args); + VA_END (Args); + return Result; +} + /** Release the specified X509 object. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c index 5e59cb1634..14309825ed 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c @@ -2,7 +2,7 @@ X.509 Certificate Handler Wrapper Implementation which does not provide real capabilities. -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,6 +33,36 @@ X509ConstructCertificate ( return FALSE; } +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args + ) +{ + ASSERT (FALSE); + return FALSE; +} + /** Construct a X509 stack object from a list of DER-encoded certificate data. diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c index 5e59cb1634..14309825ed 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c @@ -2,7 +2,7 @@ X.509 Certificate Handler Wrapper Implementation which does not provide real capabilities. -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
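Review bot: The comment block added above the X509ConstructCertificateStackV() stub describes behaviour the stub does not have: it lists `@retval TRUE` and an updated X509Stack on output, while the body is only `ASSERT (FALSE); return FALSE;`. I would reduce the description to `Return FALSE to indicate this interface is not supported.` and keep only `@retval FALSE  This interface is not supported.`, so a reader of the Null library sees that no certificate stack is ever built. ASSERT() is typically compiled out of release builds, so the FALSE return is the only signal a caller gets there, which is worth one sentence in the comment. The identical stub added to CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c needs the same change.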
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,6 +33,36 @@ X509ConstructCertificate ( return FALSE; } +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args + ) +{ + ASSERT (FALSE); + return FALSE; +} + /** Construct a X509 stack object from a list of DER-encoded certificate data. -- 2.39.2