diff options
author | chenc2 <chen.a.chen@intel.com> | 2017-11-07 08:56:56 +0800 |
---|---|---|
committer | Zhang, Chao B <chao.b.zhang@intel.com> | 2017-11-07 22:06:48 +0800 |
commit | 3702637a528707704fb37defea042f7b10709ec4 (patch) | |
tree | d387c3d2c4fe2b4f01647ac01b79743e8ea16178 /CryptoPkg/Library | |
parent | 829633e3a82dee6f7f2541a0193331f6b8566dec (diff) | |
download | edk2-3702637a528707704fb37defea042f7b10709ec4.tar.gz edk2-3702637a528707704fb37defea042f7b10709ec4.tar.bz2 edk2-3702637a528707704fb37defea042f7b10709ec4.zip |
CryptoPkg/BaseCryptLib: Add C-structure to matching certificate stack
The parameter CertStack of Pkcs7GetSigners will return all embedded X.509
certificate in one given PKCS7 signature. The format is:
//
// UINT8 CertNumber;
// UINT32 Cert1Length;
// UINT8 Cert1[];
// UINT32 Cert2Length;
// UINT8 Cert2[];
// ...
// UINT32 CertnLength;
// UINT8 Certn[];
//
Add EFI_CERT_STACK and EFI_CERT_DATA structure, these two C-structure are
used for parsing CertStack more clearly.
Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
Diffstat (limited to 'CryptoPkg/Library')
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c | 3 | ||||
-rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c index 296df028b1..fe8e5950f9 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c @@ -242,6 +242,7 @@ _Exit: @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
It's caller's responsibility to free the buffer with
Pkcs7FreeSigners().
+ This data structure is EFI_CERT_STACK type.
@param[out] StackLength Length of signer's certificates in bytes.
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
It's caller's responsibility to free the buffer with
@@ -442,9 +443,11 @@ Pkcs7FreeSigners ( @param[out] SignerChainCerts Pointer to the certificates list chained to signer's
certificate. It's caller's responsibility to free the buffer
with Pkcs7FreeSigners().
+ This data structure is EFI_CERT_STACK type.
@param[out] ChainLength Length of the chained certificates list buffer in bytes.
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
responsibility to free the buffer with Pkcs7FreeSigners().
+ This data structure is EFI_CERT_STACK type.
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
@retval TRUE The operation is finished successfully.
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c index d3e8ec89a7..5490b1f3d6 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c @@ -27,6 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @param[out] CertStack Pointer to Signer's certificates retrieved from P7Data.
It's caller's responsibility to free the buffer with
Pkcs7FreeSigners().
+ This data structure is EFI_CERT_STACK type.
@param[out] StackLength Length of signer's certificates in bytes.
@param[out] TrustedCert Pointer to a trusted certificate from Signer's certificates.
It's caller's responsibility to free the buffer with
@@ -79,9 +80,11 @@ Pkcs7FreeSigners ( @param[out] SignerChainCerts Pointer to the certificates list chained to signer's
certificate. It's caller's responsibility to free the buffer
with Pkcs7FreeSigners().
+ This data structure is EFI_CERT_STACK type.
@param[out] ChainLength Length of the chained certificates list buffer in bytes.
@param[out] UnchainCerts Pointer to the unchained certificates lists. It's caller's
responsibility to free the buffer with Pkcs7FreeSigners().
+ This data structure is EFI_CERT_STACK type.
@param[out] UnchainLength Length of the unchained certificates list buffer in bytes.
@retval TRUE The operation is finished successfully.
|