summaryrefslogtreecommitdiffstats
path: root/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
diff options
context:
space:
mode:
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c')
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c186
1 files changed, 96 insertions, 90 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index 40cc39afe7..833b29ae97 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -64,19 +64,20 @@
**/
EFI_STATUS
GetSignerCertificate (
- IN CONST PKCS7 *CertChain,
- OUT X509 **SignerCert
+ IN CONST PKCS7 *CertChain,
+ OUT X509 **SignerCert
)
{
- EFI_STATUS Status;
- STACK_OF(X509) *Signers;
- INT32 NumberSigners;
+ EFI_STATUS Status;
- Status = EFI_SUCCESS;
- Signers = NULL;
- NumberSigners = 0;
+ STACK_OF (X509) *Signers;
+ INT32 NumberSigners;
- if (CertChain == NULL || SignerCert == NULL) {
+ Status = EFI_SUCCESS;
+ Signers = NULL;
+ NumberSigners = 0;
+
+ if ((CertChain == NULL) || (SignerCert == NULL)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -84,7 +85,7 @@ GetSignerCertificate (
//
// Get the signers from the chain.
//
- Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY);
+ Signers = PKCS7_get0_signers ((PKCS7 *)CertChain, NULL, PKCS7_BINARY);
if (Signers == NULL) {
//
// Fail to get signers form PKCS7
@@ -118,7 +119,6 @@ Exit:
return Status;
}
-
/**
Determines if the specified EKU represented in ASN1 form is present
in a given certificate.
@@ -134,8 +134,8 @@ Exit:
**/
EFI_STATUS
IsEkuInCertificate (
- IN CONST X509 *Cert,
- IN ASN1_OBJECT *Asn1ToFind
+ IN CONST X509 *Cert,
+ IN ASN1_OBJECT *Asn1ToFind
)
{
EFI_STATUS Status;
@@ -147,15 +147,15 @@ IsEkuInCertificate (
ASN1_OBJECT *Asn1InCert;
INTN Index;
- Status = EFI_NOT_FOUND;
- ClonedCert = NULL;
- Extension = NULL;
- Eku = NULL;
- ExtensionIndex = -1;
- NumExtensions = 0;
- Asn1InCert = NULL;
+ Status = EFI_NOT_FOUND;
+ ClonedCert = NULL;
+ Extension = NULL;
+ Eku = NULL;
+ ExtensionIndex = -1;
+ NumExtensions = 0;
+ Asn1InCert = NULL;
- if (Cert == NULL || Asn1ToFind == NULL) {
+ if ((Cert == NULL) || (Asn1ToFind == NULL)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -164,7 +164,7 @@ IsEkuInCertificate (
// Clone the certificate. This is required because the Extension API's
// only work once per instance of an X509 object.
//
- ClonedCert = X509_dup ((X509*)Cert);
+ ClonedCert = X509_dup ((X509 *)Cert);
if (ClonedCert == NULL) {
//
// Fail to duplicate cert.
@@ -193,7 +193,7 @@ IsEkuInCertificate (
goto Exit;
}
- Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension);
+ Eku = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i (Extension);
if (Eku == NULL) {
//
// Fail to get Eku from extension.
@@ -215,8 +215,9 @@ IsEkuInCertificate (
goto Exit;
}
- if (Asn1InCert->length == Asn1ToFind->length &&
- CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0) {
+ if ((Asn1InCert->length == Asn1ToFind->length) &&
+ (CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0))
+ {
//
// Found Eku in certificate.
//
@@ -241,7 +242,6 @@ Exit:
return Status;
}
-
/**
Determines if the specified EKUs are present in a signing certificate.
@@ -256,23 +256,23 @@ Exit:
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
**/
EFI_STATUS
-CheckEKUs(
- IN CONST X509 *SignerCert,
- IN CONST CHAR8 *RequiredEKUs[],
- IN CONST UINT32 RequiredEKUsSize,
- IN BOOLEAN RequireAllPresent
+CheckEKUs (
+ IN CONST X509 *SignerCert,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
)
{
- EFI_STATUS Status;
- ASN1_OBJECT *Asn1ToFind;
- UINT32 NumEkusFound;
- UINT32 Index;
+ EFI_STATUS Status;
+ ASN1_OBJECT *Asn1ToFind;
+ UINT32 NumEkusFound;
+ UINT32 Index;
Status = EFI_SUCCESS;
Asn1ToFind = NULL;
NumEkusFound = 0;
- if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) {
+ if ((SignerCert == NULL) || (RequiredEKUs == NULL) || (RequiredEKUsSize == 0)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -282,7 +282,7 @@ CheckEKUs(
// Finding required EKU in cert.
//
if (Asn1ToFind != NULL) {
- ASN1_OBJECT_free(Asn1ToFind);
+ ASN1_OBJECT_free (Asn1ToFind);
Asn1ToFind = NULL;
}
@@ -314,11 +314,12 @@ CheckEKUs(
Exit:
if (Asn1ToFind != NULL) {
- ASN1_OBJECT_free(Asn1ToFind);
+ ASN1_OBJECT_free (Asn1ToFind);
}
if (RequireAllPresent &&
- NumEkusFound == RequiredEKUsSize) {
+ (NumEkusFound == RequiredEKUsSize))
+ {
//
// Found all required EKUs in certificate.
//
@@ -361,43 +362,45 @@ Exit:
EFI_STATUS
EFIAPI
VerifyEKUsInPkcs7Signature (
- IN CONST UINT8 *Pkcs7Signature,
- IN CONST UINT32 SignatureSize,
- IN CONST CHAR8 *RequiredEKUs[],
- IN CONST UINT32 RequiredEKUsSize,
- IN BOOLEAN RequireAllPresent
+ IN CONST UINT8 *Pkcs7Signature,
+ IN CONST UINT32 SignatureSize,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
)
{
- EFI_STATUS Status;
- PKCS7 *Pkcs7;
- STACK_OF(X509) *CertChain;
- INT32 SignatureType;
- INT32 NumberCertsInSignature;
- X509 *SignerCert;
- UINT8 *SignedData;
- UINT8 *Temp;
- UINTN SignedDataSize;
- BOOLEAN IsWrapped;
- BOOLEAN Ok;
-
- Status = EFI_SUCCESS;
- Pkcs7 = NULL;
- CertChain = NULL;
- SignatureType = 0;
- NumberCertsInSignature = 0;
- SignerCert = NULL;
- SignedData = NULL;
- SignedDataSize = 0;
- IsWrapped = FALSE;
- Ok = FALSE;
+ EFI_STATUS Status;
+ PKCS7 *Pkcs7;
+
+ STACK_OF (X509) *CertChain;
+ INT32 SignatureType;
+ INT32 NumberCertsInSignature;
+ X509 *SignerCert;
+ UINT8 *SignedData;
+ UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN IsWrapped;
+ BOOLEAN Ok;
+
+ Status = EFI_SUCCESS;
+ Pkcs7 = NULL;
+ CertChain = NULL;
+ SignatureType = 0;
+ NumberCertsInSignature = 0;
+ SignerCert = NULL;
+ SignedData = NULL;
+ SignedDataSize = 0;
+ IsWrapped = FALSE;
+ Ok = FALSE;
//
- //Validate the input parameters.
+ // Validate the input parameters.
//
- if (Pkcs7Signature == NULL ||
- SignatureSize == 0 ||
- RequiredEKUs == NULL ||
- RequiredEKUsSize == 0) {
+ if ((Pkcs7Signature == NULL) ||
+ (SignatureSize == 0) ||
+ (RequiredEKUs == NULL) ||
+ (RequiredEKUsSize == 0))
+ {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -409,11 +412,13 @@ VerifyEKUsInPkcs7Signature (
//
// Wrap the PKCS7 data if needed.
//
- Ok = WrapPkcs7Data (Pkcs7Signature,
- SignatureSize,
- &IsWrapped,
- &SignedData,
- &SignedDataSize);
+ Ok = WrapPkcs7Data (
+ Pkcs7Signature,
+ SignatureSize,
+ &IsWrapped,
+ &SignedData,
+ &SignedDataSize
+ );
if (!Ok) {
//
// Fail to Wrap the PKCS7 data.
@@ -441,18 +446,20 @@ VerifyEKUsInPkcs7Signature (
//
SignatureType = OBJ_obj2nid (Pkcs7->type);
switch (SignatureType) {
- case NID_pkcs7_signed:
- if (Pkcs7->d.sign != NULL) {
- CertChain = Pkcs7->d.sign->cert;
- }
- break;
- case NID_pkcs7_signedAndEnveloped:
- if (Pkcs7->d.signed_and_enveloped != NULL) {
- CertChain = Pkcs7->d.signed_and_enveloped->cert;
- }
- break;
- default:
- break;
+ case NID_pkcs7_signed:
+ if (Pkcs7->d.sign != NULL) {
+ CertChain = Pkcs7->d.sign->cert;
+ }
+
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ if (Pkcs7->d.signed_and_enveloped != NULL) {
+ CertChain = Pkcs7->d.signed_and_enveloped->cert;
+ }
+
+ break;
+ default:
+ break;
}
//
@@ -483,7 +490,7 @@ VerifyEKUsInPkcs7Signature (
// Get the leaf signer.
//
Status = GetSignerCertificate (Pkcs7, &SignerCert);
- if (Status != EFI_SUCCESS || SignerCert == NULL) {
+ if ((Status != EFI_SUCCESS) || (SignerCert == NULL)) {
//
// Fail to get the end-entity leaf signer certificate.
//
@@ -514,4 +521,3 @@ Exit:
return Status;
}
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-13 08:17:07 +0000