Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c')
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c98
1 files changed, 55 insertions, 43 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index ff96d30b57..e6bb45e641 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -38,7 +38,7 @@ X509ConstructCertificate (
//
// Check input parameters.
//
- if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) {
+ if ((Cert == NULL) || (SingleX509Cert == NULL) || (CertSize > INT_MAX)) {
return FALSE;
}
@@ -46,12 +46,12 @@ X509ConstructCertificate (
// Read DER-encoded X509 Certificate and Construct X509 object.
//
Temp = Cert;
- X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
+ X509Cert = d2i_X509 (NULL, &Temp, (long)CertSize);
if (X509Cert == NULL) {
return FALSE;
}
- *SingleX509Cert = (UINT8 *) X509Cert;
+ *SingleX509Cert = (UINT8 *)X509Cert;
return TRUE;
}
@@ -82,12 +82,13 @@ X509ConstructCertificateStackV (
IN VA_LIST Args
)
{
- UINT8 *Cert;
- UINTN CertSize;
- X509 *X509Cert;
- STACK_OF(X509) *CertStack;
- BOOLEAN Status;
- UINTN Index;
+ UINT8 *Cert;
+ UINTN CertSize;
+ X509 *X509Cert;
+
+ STACK_OF (X509) *CertStack;
+ BOOLEAN Status;
+ UINTN Index;
//
// Check input parameters.
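Review bot: The blank `+` line ahead of `STACK_OF (X509) *CertStack;` splits the local declaration block of X509ConstructCertificateStackV in two, which looks like a formatter artifact caused by the macro type rather than an intended grouping; I would drop it so the six locals stay together. The same macro leaves the cast in the X509StackFree hunk as `(STACK_OF (X509) *) X509Stack`, keeping the space after the cast that every other hunk in this commit removes; `sk_X509_pop_free ((STACK_OF (X509) *)X509Stack, X509_free);` would match the rest. The function body continues outside this hunk.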
@@ -101,7 +102,7 @@ X509ConstructCertificateStackV (
//
// Initialize X509 stack object.
//
- CertStack = (STACK_OF(X509) *) (*X509Stack);
+ CertStack = (STACK_OF (X509) *)(*X509Stack);
if (CertStack == NULL) {
CertStack = sk_X509_new_null ();
if (CertStack == NULL) {
@@ -127,15 +128,16 @@ X509ConstructCertificateStackV (
// Construct X509 Object from the given DER-encoded certificate data.
//
X509Cert = NULL;
- Status = X509ConstructCertificate (
- (CONST UINT8 *) Cert,
- CertSize,
- (UINT8 **) &X509Cert
- );
+ Status = X509ConstructCertificate (
+ (CONST UINT8 *)Cert,
+ CertSize,
+ (UINT8 **)&X509Cert
+ );
if (!Status) {
if (X509Cert != NULL) {
X509_free (X509Cert);
}
+
break;
}
@@ -148,7 +150,7 @@ X509ConstructCertificateStackV (
if (!Status) {
sk_X509_pop_free (CertStack, X509_free);
} else {
- *X509Stack = (UINT8 *) CertStack;
+ *X509Stack = (UINT8 *)CertStack;
}
return Status;
@@ -210,7 +212,7 @@ X509Free (
//
// Free OpenSSL X509 object.
//
- X509_free ((X509 *) X509Cert);
+ X509_free ((X509 *)X509Cert);
}
/**
@@ -237,7 +239,7 @@ X509StackFree (
//
// Free OpenSSL X509 stack object.
//
- sk_X509_pop_free ((STACK_OF(X509) *) X509Stack, X509_free);
+ sk_X509_pop_free ((STACK_OF (X509) *) X509Stack, X509_free);
}
/**
@@ -274,7 +276,7 @@ X509GetSubjectName (
//
// Check input parameters.
//
- if (Cert == NULL || SubjectSize == NULL) {
+ if ((Cert == NULL) || (SubjectSize == NULL)) {
return FALSE;
}
@@ -283,7 +285,7 @@ X509GetSubjectName (
//
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -299,14 +301,15 @@ X509GetSubjectName (
goto _Exit;
}
- X509NameSize = i2d_X509_NAME(X509Name, NULL);
+ X509NameSize = i2d_X509_NAME (X509Name, NULL);
if (*SubjectSize < X509NameSize) {
*SubjectSize = X509NameSize;
goto _Exit;
}
+
*SubjectSize = X509NameSize;
if (CertSubject != NULL) {
- i2d_X509_NAME(X509Name, &CertSubject);
+ i2d_X509_NAME (X509Name, &CertSubject);
Status = TRUE;
}
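Review bot: The second `i2d_X509_NAME (X509Name, &CertSubject)` call discards its return value and `Status = TRUE` follows unconditionally, so an encoding failure would be reported to the caller as success. The i2d functions return a negative value on error, and the first call's result is also stored and compared with `*SubjectSize` without a sign check, which matters if `X509NameSize` is an unsigned type (its declaration is outside this hunk). I would check both results, for example `if (i2d_X509_NAME (X509Name, &CertSubject) > 0) { Status = TRUE; }`, and go to `_Exit` when the sizing call returns a value that is not positive. X509GetSubjectName starts and ends outside this hunk.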
@@ -351,11 +354,11 @@ _Exit:
STATIC
RETURN_STATUS
InternalX509GetNIDName (
- IN CONST UINT8 *Cert,
- IN UINTN CertSize,
- IN INT32 Request_NID,
- OUT CHAR8 *CommonName OPTIONAL,
- IN OUT UINTN *CommonNameSize
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN INT32 Request_NID,
+ OUT CHAR8 *CommonName OPTIONAL,
+ IN OUT UINTN *CommonNameSize
)
{
RETURN_STATUS ReturnStatus;
@@ -377,6 +380,7 @@ InternalX509GetNIDName (
if ((Cert == NULL) || (CertSize > INT_MAX) || (CommonNameSize == NULL)) {
return ReturnStatus;
}
+
if ((CommonName != NULL) && (*CommonNameSize == 0)) {
return ReturnStatus;
}
@@ -385,7 +389,7 @@ InternalX509GetNIDName (
//
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
//
// Invalid X.509 Certificate
@@ -443,12 +447,12 @@ InternalX509GetNIDName (
if (CommonName == NULL) {
*CommonNameSize = Length + 1;
- ReturnStatus = RETURN_BUFFER_TOO_SMALL;
+ ReturnStatus = RETURN_BUFFER_TOO_SMALL;
} else {
*CommonNameSize = MIN ((UINTN)Length, *CommonNameSize - 1) + 1;
CopyMem (CommonName, UTF8Name, *CommonNameSize - 1);
CommonName[*CommonNameSize - 1] = '\0';
- ReturnStatus = RETURN_SUCCESS;
+ ReturnStatus = RETURN_SUCCESS;
}
_Exit:
@@ -458,6 +462,7 @@ _Exit:
if (X509Cert != NULL) {
X509_free (X509Cert);
}
+
if (UTF8Name != NULL) {
OPENSSL_free (UTF8Name);
}
@@ -532,10 +537,10 @@ X509GetCommonName (
RETURN_STATUS
EFIAPI
X509GetOrganizationName (
- IN CONST UINT8 *Cert,
- IN UINTN CertSize,
- OUT CHAR8 *NameBuffer OPTIONAL,
- IN OUT UINTN *NameBufferSize
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT CHAR8 *NameBuffer OPTIONAL,
+ IN OUT UINTN *NameBufferSize
)
{
return InternalX509GetNIDName (Cert, CertSize, NID_organizationName, NameBuffer, NameBufferSize);
@@ -572,7 +577,7 @@ RsaGetPublicKeyFromX509 (
//
// Check input parameters.
//
- if (Cert == NULL || RsaContext == NULL) {
+ if ((Cert == NULL) || (RsaContext == NULL)) {
return FALSE;
}
@@ -582,7 +587,7 @@ RsaGetPublicKeyFromX509 (
//
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -654,7 +659,7 @@ X509VerifyCert (
//
// Check input parameters.
//
- if (Cert == NULL || CACert == NULL) {
+ if ((Cert == NULL) || (CACert == NULL)) {
return FALSE;
}
@@ -670,9 +675,11 @@ X509VerifyCert (
if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
+
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
+
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
@@ -680,7 +687,7 @@ X509VerifyCert (
//
// Read DER-encoded certificate to be verified and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -689,7 +696,7 @@ X509VerifyCert (
//
// Read DER-encoded root certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);
+ Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **)&X509CACert);
if ((X509CACert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -704,6 +711,7 @@ X509VerifyCert (
if (CertStore == NULL) {
goto _Exit;
}
+
if (!(X509_STORE_add_cert (CertStore, X509CACert))) {
goto _Exit;
}
@@ -712,8 +720,10 @@ X509VerifyCert (
// Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
//
- X509_STORE_set_flags (CertStore,
- X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+ X509_STORE_set_flags (
+ CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
+ );
//
// Set up X509_STORE_CTX for the subsequent verification operation.
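Review bot: The comment above `X509_STORE_set_flags` says time checks are disabled but not why, and with `X509_V_FLAG_NO_CHECK_TIME` set an expired or not-yet-valid certificate passes X509VerifyCert. That is part of the contract callers rely on, so I would extend the comment along the lines of `// notBefore/notAfter are NOT enforced here; callers that need validity-period checks must perform them separately.` and add the reason for disabling them (presumably no trusted time source is available at this point; to be confirmed by the maintainers). The same statement belongs in the function's header comment, which is outside this hunk.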
@@ -722,6 +732,7 @@ X509VerifyCert (
if (CertCtx == NULL) {
goto _Exit;
}
+
if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) {
goto _Exit;
}
@@ -729,7 +740,7 @@ X509VerifyCert (
//
// X509 Certificate Verification.
//
- Status = (BOOLEAN) X509_verify_cert (CertCtx);
+ Status = (BOOLEAN)X509_verify_cert (CertCtx);
X509_STORE_CTX_cleanup (CertCtx);
_Exit:
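Review bot: `Status = (BOOLEAN)X509_verify_cert (CertCtx);` converts the int result directly, but OpenSSL documents that X509_verify_cert can return a negative value on an internal error in addition to 0 for a failed verification. If BOOLEAN is an unsigned 8-bit type (its definition is not on this page), -1 becomes 0xFF and a caller testing `if (Status)` would treat an error as a verified chain. An explicit comparison avoids that: `Status = (BOOLEAN)(X509_verify_cert (CertCtx) == 1);`. The rest of X509VerifyCert, including the `_Exit` cleanup, is outside this hunk.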
@@ -787,7 +798,8 @@ X509GetTBSCert (
// Check input parameters.
//
if ((Cert == NULL) || (TBSCert == NULL) ||
- (TBSCertSize == NULL) || (CertSize > INT_MAX)) {
+ (TBSCertSize == NULL) || (CertSize > INT_MAX))
+ {
return FALSE;
}