From 952bd2291872b5e2d302f8de1349239bfbd0332c Mon Sep 17 00:00:00 2001 From: Qin Long Date: Fri, 19 Jun 2015 02:46:51 +0000 Subject: [PATCH 1/1] CryptoPkg: Add some comments for API usage clarification. This patch adds some comments for API usage clarification, and adds one object initialization in X509ConstructCertificateStack implementation to fix possible memory release issue. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long Reviewed-by: Ting Ye git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524 --- CryptoPkg/Include/Library/BaseCryptLib.h | 4 +++- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 4 +++- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 3 ++- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 2 +- .../BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c | 2 +- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 364fa3ca15..d3b211bec5 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1631,6 +1631,8 @@ RsaGenerateKey ( /** Validates key components of RSA context. + NOTE: This function performs integrity checks on all the RSA key material, so + the RSA key structure must contain all the private key data. This function validates key compoents of RSA context in following aspects: - Whether p is a prime @@ -1859,7 +1861,7 @@ X509ConstructCertificate ( If X509Stack is NULL, then return FALSE. If this interface is not supported, then return FALSE. - @param[in, out] X509Stack On input, pointer to an existing X509 stack object. + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate. @param ... A list of DER-encoded single certificate data followed 
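Review bot: The added NOTE in the BaseCryptLib.h comment states the precondition (the RSA key structure must contain all the private key data) but not what a caller gets when it is not met, for example a context that holds only public key components. If the function simply reports failure in that case, the note should say so, e.g. `If private key components are missing, the check fails and FALSE is returned.`. The @retval lines are outside the hunk, so the wording should be confirmed against them. The same NOTE is added to the implementation comment in CryptRsaExt.c and would take the same sentence.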
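Review bot: The new @param text "pointer to an existing or NULL X509 stack object" sits directly under "If X509Stack is NULL, then return FALSE", and the two read as contradictory unless the reader works out that one refers to the object X509Stack points to and the other to X509Stack itself. Spelling out the level of indirection would remove the ambiguity, e.g. `On input, pointer to an existing X509 stack object, or pointer to NULL if no stack exists yet.`. What the function does with a NULL stack object is not visible in the hunk, so the final wording should be checked against the implementation. The same line is changed in CryptX509.c and in both CryptX509Null.c files.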
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c index 5c21d121f5..b890704a2e 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -243,7 +243,9 @@ _Exit: } /** - Validates key components of RSA context. + Validates key components of RSA context. + NOTE: This function performs integrity checks on all the RSA key material, so + the RSA key structure must contain all the private key data. This function validates key compoents of RSA context in following aspects: - Whether p is a prime diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 02851d5701..70b135a754 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -67,7 +67,7 @@ X509ConstructCertificate ( If X509Stack is NULL, then return FALSE. - @param[in, out] X509Stack On input, pointer to an existing X509 stack object. + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate. @param ... A list of DER-encoded single certificate data followed @@ -132,6 +132,7 @@ X509ConstructCertificateStack ( // // Construct X509 Object from the given DER-encoded certificate data. // + X509Cert = NULL; Status = X509ConstructCertificate ( (CONST UINT8 *) Cert, CertSize, diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c index e1eb84d99b..51aa0633a8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c 
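Review bot: The added `X509Cert = NULL;` in X509ConstructCertificateStack has no comment explaining why the reset is needed at this point, and the existing comment above it only describes the construction call. The commit message ties the line to a memory release issue. Presumably a failed X509ConstructCertificate could otherwise leave X509Cert holding an object from an earlier certificate, which cleanup code would then free again, but the loop and the failure path are outside the hunk, so that should be confirmed. A short why-comment would keep the line from being removed as redundant later, e.g. `// Reset X509Cert so a failed construction never leaves a stale pointer for the cleanup path to free.`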
@@ -44,7 +44,7 @@ X509ConstructCertificate ( Return FALSE to indicate this interface is not supported. - @param[in, out] X509Stack On input, pointer to an existing X509 stack object. + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate. @param ... A list of DER-encoded single certificate data followed diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c index c43ca07583..f5d9aa1076 100644 --- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c @@ -44,7 +44,7 @@ X509ConstructCertificate ( Return FALSE to indicate this interface is not supported. - @param[in, out] X509Stack On input, pointer to an existing X509 stack object. + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate. @param ... A list of DER-encoded single certificate data followed -- 2.39.2