diff options
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Pk')
20 files changed, 798 insertions, 705 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c index 3c2d14a88b..aa4a33364d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c @@ -23,9 +23,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent //
// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
//
-UINT8 mSpcIndirectOidValue[] = {
+UINT8 mSpcIndirectOidValue[] = {
0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
- };
+};
/**
Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows
@@ -109,20 +109,20 @@ AuthenticodeVerify ( // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
// PKCS#7 ContentInfo here.
//
- SpcIndirectDataOid = OBJ_get0_data(Pkcs7->d.sign->contents->type);
- if (OBJ_length(Pkcs7->d.sign->contents->type) != sizeof(mSpcIndirectOidValue) ||
- CompareMem (
- SpcIndirectDataOid,
- mSpcIndirectOidValue,
- sizeof (mSpcIndirectOidValue)
- ) != 0) {
+ SpcIndirectDataOid = OBJ_get0_data (Pkcs7->d.sign->contents->type);
+ if ((OBJ_length (Pkcs7->d.sign->contents->type) != sizeof (mSpcIndirectOidValue)) ||
+ (CompareMem (
+ SpcIndirectDataOid,
+ mSpcIndirectOidValue,
+ sizeof (mSpcIndirectOidValue)
+ ) != 0))
+ {
//
// Un-matched SPC_INDIRECT_DATA_OBJID.
//
goto _Exit;
}
-
SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
//
@@ -134,33 +134,30 @@ AuthenticodeVerify ( //
// Short Form of Length Encoding (Length < 128)
//
- ContentSize = (UINTN) (Asn1Byte & 0x7F);
+ ContentSize = (UINTN)(Asn1Byte & 0x7F);
//
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 2;
-
} else if ((Asn1Byte & 0x81) == 0x81) {
//
// Long Form of Length Encoding (128 <= Length < 255, Single Octet)
//
- ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
+ ContentSize = (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 2));
//
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 3;
-
} else if ((Asn1Byte & 0x82) == 0x82) {
//
// Long Form of Length Encoding (Length > 255, Two Octet)
//
- ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
+ ContentSize = (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 2));
ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));
//
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 4;
-
} else {
goto _Exit;
}
@@ -180,7 +177,7 @@ AuthenticodeVerify ( //
// Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
//
- Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
+ Status = (BOOLEAN)Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
_Exit:
//
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c index abe4601d11..2732288893 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c @@ -26,7 +26,7 @@ DhNew ( //
// Allocates & Initializes DH Context by OpenSSL DH_new()
//
- return (VOID *) DH_new ();
+ return (VOID *)DH_new ();
}
/**
@@ -46,7 +46,7 @@ DhFree ( //
// Free OpenSSL DH Context
//
- DH_free ((DH *) DhContext);
+ DH_free ((DH *)DhContext);
}
/**
@@ -80,21 +80,21 @@ DhGenerateParameter ( OUT UINT8 *Prime
)
{
- BOOLEAN RetVal;
- BIGNUM *BnP;
+ BOOLEAN RetVal;
+ BIGNUM *BnP;
//
// Check input parameters.
//
- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
+ if ((DhContext == NULL) || (Prime == NULL) || (PrimeLength > INT_MAX)) {
return FALSE;
}
- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
+ if ((Generator != DH_GENERATOR_2) && (Generator != DH_GENERATOR_5)) {
return FALSE;
}
- RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);
+ RetVal = (BOOLEAN)DH_generate_parameters_ex (DhContext, (UINT32)PrimeLength, (UINT32)Generator, NULL);
if (!RetVal) {
return FALSE;
}
@@ -142,11 +142,11 @@ DhSetParameter ( //
// Check input parameters.
//
- if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
+ if ((DhContext == NULL) || (Prime == NULL) || (PrimeLength > INT_MAX)) {
return FALSE;
}
- if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
+ if ((Generator != DH_GENERATOR_2) && (Generator != DH_GENERATOR_5)) {
return FALSE;
}
@@ -199,29 +199,29 @@ DhGenerateKey ( IN OUT UINTN *PublicKeySize
)
{
- BOOLEAN RetVal;
- DH *Dh;
- BIGNUM *DhPubKey;
- INTN Size;
+ BOOLEAN RetVal;
+ DH *Dh;
+ BIGNUM *DhPubKey;
+ INTN Size;
//
// Check input parameters.
//
- if (DhContext == NULL || PublicKeySize == NULL) {
+ if ((DhContext == NULL) || (PublicKeySize == NULL)) {
return FALSE;
}
- if (PublicKey == NULL && *PublicKeySize != 0) {
+ if ((PublicKey == NULL) && (*PublicKeySize != 0)) {
return FALSE;
}
- Dh = (DH *) DhContext;
+ Dh = (DH *)DhContext;
- RetVal = (BOOLEAN) DH_generate_key (DhContext);
+ RetVal = (BOOLEAN)DH_generate_key (DhContext);
if (RetVal) {
DH_get0_key (Dh, (const BIGNUM **)&DhPubKey, NULL);
Size = BN_num_bytes (DhPubKey);
- if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
+ if ((Size > 0) && (*PublicKeySize < (UINTN)Size)) {
*PublicKeySize = Size;
return FALSE;
}
@@ -229,6 +229,7 @@ DhGenerateKey ( if (PublicKey != NULL) {
BN_bn2bin (DhPubKey, PublicKey);
}
+
*PublicKeySize = Size;
}
@@ -275,7 +276,7 @@ DhComputeKey ( //
// Check input parameters.
//
- if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
+ if ((DhContext == NULL) || (PeerPublicKey == NULL) || (KeySize == NULL) || (Key == NULL)) {
return FALSE;
}
@@ -283,7 +284,7 @@ DhComputeKey ( return FALSE;
}
- Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
+ Bn = BN_bin2bn (PeerPublicKey, (UINT32)PeerPublicKeySize, NULL);
if (Bn == NULL) {
return FALSE;
}
@@ -294,7 +295,7 @@ DhComputeKey ( return FALSE;
}
- if (*KeySize < (UINTN) Size) {
+ if (*KeySize < (UINTN)Size) {
*KeySize = Size;
BN_free (Bn);
return FALSE;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c index 970fa2a36e..ea43c1381c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c @@ -67,8 +67,9 @@ Pkcs1v2Encrypt ( //
// Check input parameters.
//
- if (PublicKey == NULL || InData == NULL ||
- EncryptedData == NULL || EncryptedDataSize == NULL) {
+ if ((PublicKey == NULL) || (InData == NULL) ||
+ (EncryptedData == NULL) || (EncryptedDataSize == NULL))
+ {
return FALSE;
}
@@ -82,15 +83,15 @@ Pkcs1v2Encrypt ( return FALSE;
}
- *EncryptedData = NULL;
- *EncryptedDataSize = 0;
- Result = FALSE;
- TempPointer = NULL;
- CertData = NULL;
- InternalPublicKey = NULL;
- PkeyCtx = NULL;
- OutData = NULL;
- OutDataSize = 0;
+ *EncryptedData = NULL;
+ *EncryptedDataSize = 0;
+ Result = FALSE;
+ TempPointer = NULL;
+ CertData = NULL;
+ InternalPublicKey = NULL;
+ PkeyCtx = NULL;
+ OutData = NULL;
+ OutDataSize = 0;
//
// If it provides a seed then use it.
@@ -107,7 +108,7 @@ Pkcs1v2Encrypt ( // Parse the X509 cert and extract the public key.
//
TempPointer = PublicKey;
- CertData = d2i_X509 (&CertData, &TempPointer, (UINT32)PublicKeySize);
+ CertData = d2i_X509 (&CertData, &TempPointer, (UINT32)PublicKeySize);
if (CertData == NULL) {
//
// Fail to parse X509 cert.
@@ -137,11 +138,13 @@ Pkcs1v2Encrypt ( //
goto _Exit;
}
+
//
// Initialize the context and set the desired padding.
//
- if (EVP_PKEY_encrypt_init (PkeyCtx) <= 0 ||
- EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0) {
+ if ((EVP_PKEY_encrypt_init (PkeyCtx) <= 0) ||
+ (EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0))
+ {
//
// Fail to initialize the context.
//
@@ -177,7 +180,7 @@ Pkcs1v2Encrypt ( // Fail to encrypt data, need to free the output buffer.
//
FreePool (OutData);
- OutData = NULL;
+ OutData = NULL;
OutDataSize = 0;
goto _Exit;
}
@@ -185,20 +188,22 @@ Pkcs1v2Encrypt ( //
// Encrypt done.
//
- *EncryptedData = OutData;
+ *EncryptedData = OutData;
*EncryptedDataSize = OutDataSize;
- Result = TRUE;
+ Result = TRUE;
_Exit:
//
// Release Resources
//
if (CertData != NULL) {
- X509_free (CertData );
+ X509_free (CertData);
}
+
if (InternalPublicKey != NULL) {
EVP_PKEY_free (InternalPublicKey);
}
+
if (PkeyCtx != NULL) {
EVP_PKEY_CTX_free (PkeyCtx);
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c index a89c1525c1..92e8b8c20b 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs5Pbkdf2.c @@ -58,25 +58,28 @@ Pkcs5HashPassword ( if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {
return FALSE;
}
+
if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||
(SaltLength == 0) || (SaltLength > INT_MAX) ||
(KeyLength == 0) || (KeyLength > INT_MAX) ||
- (IterationCount < 1) || (IterationCount > INT_MAX)) {
+ (IterationCount < 1) || (IterationCount > INT_MAX))
+ {
return FALSE;
}
+
//
// Make sure the digest algorithm is supported.
//
switch (DigestSize) {
- case SHA1_DIGEST_SIZE:
- HashAlg = EVP_sha1();
- break;
- case SHA256_DIGEST_SIZE:
- HashAlg = EVP_sha256();
- break;
- default:
- return FALSE;
- break;
+ case SHA1_DIGEST_SIZE:
+ HashAlg = EVP_sha1 ();
+ break;
+ case SHA256_DIGEST_SIZE:
+ HashAlg = EVP_sha256 ();
+ break;
+ default:
+ return FALSE;
+ break;
}
//
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c index 442f573f8b..3f8b464244 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c @@ -62,8 +62,9 @@ Pkcs7Sign ( //
// Check input parameters.
//
- if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
- SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
+ if ((PrivateKey == NULL) || (KeyPassword == NULL) || (InData == NULL) ||
+ (SignCert == NULL) || (SignedData == NULL) || (SignedDataSize == NULL) || (InDataSize > INT_MAX))
+ {
return FALSE;
}
@@ -79,8 +80,8 @@ Pkcs7Sign ( Status = RsaGetPrivateKeyFromPem (
PrivateKey,
PrivateKeySize,
- (CONST CHAR8 *) KeyPassword,
- (VOID **) &RsaContext
+ (CONST CHAR8 *)KeyPassword,
+ (VOID **)&RsaContext
);
if (!Status) {
return Status;
@@ -94,9 +95,11 @@ Pkcs7Sign ( if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
+
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
+
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
@@ -110,7 +113,8 @@ Pkcs7Sign ( if (Key == NULL) {
goto _Exit;
}
- if (EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext) == 0) {
+
+ if (EVP_PKEY_assign_RSA (Key, (RSA *)RsaContext) == 0) {
goto _Exit;
}
@@ -122,7 +126,7 @@ Pkcs7Sign ( goto _Exit;
}
- if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
+ if (BIO_write (DataBio, InData, (int)InDataSize) <= 0) {
goto _Exit;
}
@@ -130,9 +134,9 @@ Pkcs7Sign ( // Create the PKCS#7 signedData structure.
//
Pkcs7 = PKCS7_sign (
- (X509 *) SignCert,
+ (X509 *)SignCert,
Key,
- (STACK_OF(X509) *) OtherCerts,
+ (STACK_OF (X509) *) OtherCerts,
DataBio,
PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
);
@@ -148,13 +152,13 @@ Pkcs7Sign ( goto _Exit;
}
- P7Data = malloc (P7DataSize);
+ P7Data = malloc (P7DataSize);
if (P7Data == NULL) {
goto _Exit;
}
Tmp = P7Data;
- P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
+ P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **)&Tmp);
ASSERT (P7DataSize > 19);
//
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c index d7ff8ba947..07c33c6ae6 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c @@ -51,4 +51,3 @@ Pkcs7Sign ( ASSERT (FALSE);
return FALSE;
}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c index 112c13c226..aac98ae4f9 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c @@ -26,11 +26,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent STATIC
BOOLEAN
Pkcs7TypeIsOther (
- IN PKCS7 *P7
+ IN PKCS7 *P7
)
{
- BOOLEAN Others;
- INTN Nid = OBJ_obj2nid (P7->type);
+ BOOLEAN Others;
+ INTN Nid = OBJ_obj2nid (P7->type);
switch (Nid) {
case NID_pkcs7_data:
@@ -57,17 +57,18 @@ Pkcs7TypeIsOther ( @return ASN1_OCTET_STRING ASN.1 string.
**/
STATIC
-ASN1_OCTET_STRING*
+ASN1_OCTET_STRING *
Pkcs7GetOctetString (
- IN PKCS7 *P7
+ IN PKCS7 *P7
)
{
if (PKCS7_type_is_data (P7)) {
return P7->d.data;
}
- if (Pkcs7TypeIsOther(P7) && (P7->d.other != NULL) &&
- (P7->d.other->type == V_ASN1_OCTET_STRING)) {
+ if (Pkcs7TypeIsOther (P7) && (P7->d.other != NULL) &&
+ (P7->d.other->type == V_ASN1_OCTET_STRING))
+ {
return P7->d.other->value.octet_string;
}
@@ -171,9 +172,11 @@ Pkcs7GetAttachedContent ( *ContentSize = 0;
goto _Exit;
}
+
CopyMem (*Content, OctStr->data, *ContentSize);
}
}
+
Status = TRUE;
_Exit:
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c index 8eda98f7b2..3336d2f60a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c @@ -22,7 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <openssl/x509v3.h>
#include <openssl/pkcs7.h>
-UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
/**
Check input P7Data is a wrapped ContentInfo structure or not. If not construct
@@ -56,8 +56,8 @@ WrapPkcs7Data ( OUT UINTN *WrapDataSize
)
{
- BOOLEAN Wrapped;
- UINT8 *SignedData;
+ BOOLEAN Wrapped;
+ UINT8 *SignedData;
//
// Check whether input P7Data is a wrapped ContentInfo structure or not.
@@ -72,7 +72,7 @@ WrapPkcs7Data ( }
if (Wrapped) {
- *WrapData = (UINT8 *) P7Data;
+ *WrapData = (UINT8 *)P7Data;
*WrapDataSize = P7Length;
} else {
//
@@ -96,8 +96,8 @@ WrapPkcs7Data ( //
// Part2: Length1 = P7Length + 19 - 4, in big endian.
//
- SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);
- SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);
+ SignedData[2] = (UINT8)(((UINT16)(*WrapDataSize - 4)) >> 8);
+ SignedData[3] = (UINT8)(((UINT16)(*WrapDataSize - 4)) & 0xff);
//
// Part3: 0x06, 0x09.
@@ -119,8 +119,8 @@ WrapPkcs7Data ( //
// Part6: Length2 = P7Length, in big endian.
//
- SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);
- SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);
+ SignedData[17] = (UINT8)(((UINT16)P7Length) >> 8);
+ SignedData[18] = (UINT8)(((UINT16)P7Length) & 0xff);
//
// Part7: P7Data.
@@ -147,19 +147,20 @@ WrapPkcs7Data ( **/
BOOLEAN
X509PopCertificate (
- IN VOID *X509Stack,
- OUT UINT8 **Cert,
- OUT UINTN *CertSize
+ IN VOID *X509Stack,
+ OUT UINT8 **Cert,
+ OUT UINTN *CertSize
)
{
- BIO *CertBio;
- X509 *X509Cert;
- STACK_OF(X509) *CertStack;
- BOOLEAN Status;
- INT32 Result;
- BUF_MEM *Ptr;
- INT32 Length;
- VOID *Buffer;
+ BIO *CertBio;
+ X509 *X509Cert;
+
+ STACK_OF (X509) *CertStack;
+ BOOLEAN Status;
+ INT32 Result;
+ BUF_MEM *Ptr;
+ INT32 Length;
+ VOID *Buffer;
Status = FALSE;
@@ -167,7 +168,7 @@ X509PopCertificate ( return Status;
}
- CertStack = (STACK_OF(X509) *) X509Stack;
+ CertStack = (STACK_OF (X509) *) X509Stack;
X509Cert = sk_X509_pop (CertStack);
@@ -258,23 +259,25 @@ Pkcs7GetSigners ( OUT UINTN *CertLength
)
{
- PKCS7 *Pkcs7;
- BOOLEAN Status;
- UINT8 *SignedData;
- CONST UINT8 *Temp;
- UINTN SignedDataSize;
- BOOLEAN Wrapped;
- STACK_OF(X509) *Stack;
- UINT8 Index;
- UINT8 *CertBuf;
- UINT8 *OldBuf;
- UINTN BufferSize;
- UINTN OldSize;
- UINT8 *SingleCert;
- UINTN SingleCertSize;
+ PKCS7 *Pkcs7;
+ BOOLEAN Status;
+ UINT8 *SignedData;
+ CONST UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
+
+ STACK_OF (X509) *Stack;
+ UINT8 Index;
+ UINT8 *CertBuf;
+ UINT8 *OldBuf;
+ UINTN BufferSize;
+ UINTN OldSize;
+ UINT8 *SingleCert;
+ UINTN SingleCertSize;
if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
- (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
+ (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX))
+ {
return FALSE;
}
@@ -297,8 +300,8 @@ Pkcs7GetSigners ( goto _Exit;
}
- Temp = SignedData;
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
@@ -310,7 +313,7 @@ Pkcs7GetSigners ( goto _Exit;
}
- Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);
+ Stack = PKCS7_get0_signers (Pkcs7, NULL, PKCS7_BINARY);
if (Stack == NULL) {
goto _Exit;
}
@@ -350,7 +353,7 @@ Pkcs7GetSigners ( OldBuf = NULL;
}
- WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);
+ WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)SingleCertSize);
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);
free (SingleCert);
@@ -363,7 +366,7 @@ Pkcs7GetSigners ( //
CertBuf[0] = Index;
- *CertLength = BufferSize - OldSize - sizeof (UINT32);
+ *CertLength = BufferSize - OldSize - sizeof (UINT32);
*TrustedCert = malloc (*CertLength);
if (*TrustedCert == NULL) {
goto _Exit;
@@ -372,7 +375,7 @@ Pkcs7GetSigners ( CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);
*CertStack = CertBuf;
*StackLength = BufferSize;
- Status = TRUE;
+ Status = TRUE;
}
_Exit:
@@ -388,7 +391,7 @@ _Exit: }
if (Stack != NULL) {
- sk_X509_pop_free(Stack, X509_free);
+ sk_X509_pop_free (Stack, X509_free);
}
if (SingleCert != NULL) {
@@ -416,7 +419,7 @@ _Exit: VOID
EFIAPI
Pkcs7FreeSigners (
- IN UINT8 *Certs
+ IN UINT8 *Certs
)
{
if (Certs == NULL) {
@@ -459,43 +462,45 @@ Pkcs7GetCertificatesList ( OUT UINTN *UnchainLength
)
{
- BOOLEAN Status;
- UINT8 *NewP7Data;
- UINTN NewP7Length;
- BOOLEAN Wrapped;
- UINT8 Index;
- PKCS7 *Pkcs7;
- X509_STORE_CTX *CertCtx;
- STACK_OF(X509) *CtxChain;
- STACK_OF(X509) *CtxUntrusted;
- X509 *CtxCert;
- STACK_OF(X509) *Signers;
- X509 *Signer;
- X509 *Cert;
- X509 *Issuer;
- X509_NAME *IssuerName;
- UINT8 *CertBuf;
- UINT8 *OldBuf;
- UINTN BufferSize;
- UINTN OldSize;
- UINT8 *SingleCert;
- UINTN CertSize;
+ BOOLEAN Status;
+ UINT8 *NewP7Data;
+ UINTN NewP7Length;
+ BOOLEAN Wrapped;
+ UINT8 Index;
+ PKCS7 *Pkcs7;
+ X509_STORE_CTX *CertCtx;
+
+ STACK_OF (X509) *CtxChain;
+ STACK_OF (X509) *CtxUntrusted;
+ X509 *CtxCert;
+
+ STACK_OF (X509) *Signers;
+ X509 *Signer;
+ X509 *Cert;
+ X509 *Issuer;
+ X509_NAME *IssuerName;
+ UINT8 *CertBuf;
+ UINT8 *OldBuf;
+ UINTN BufferSize;
+ UINTN OldSize;
+ UINT8 *SingleCert;
+ UINTN CertSize;
//
// Initializations
//
- Status = FALSE;
- NewP7Data = NULL;
- Pkcs7 = NULL;
- CertCtx = NULL;
- CtxChain = NULL;
- CtxCert = NULL;
- CtxUntrusted = NULL;
- Cert = NULL;
- SingleCert = NULL;
- CertBuf = NULL;
- OldBuf = NULL;
- Signers = NULL;
+ Status = FALSE;
+ NewP7Data = NULL;
+ Pkcs7 = NULL;
+ CertCtx = NULL;
+ CtxChain = NULL;
+ CtxCert = NULL;
+ CtxUntrusted = NULL;
+ Cert = NULL;
+ SingleCert = NULL;
+ CertBuf = NULL;
+ OldBuf = NULL;
+ Signers = NULL;
ZeroMem (&CertCtx, sizeof (CertCtx));
@@ -503,7 +508,8 @@ Pkcs7GetCertificatesList ( // Parameter Checking
//
if ((P7Data == NULL) || (SignerChainCerts == NULL) || (ChainLength == NULL) ||
- (UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX)) {
+ (UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX))
+ {
return Status;
}
@@ -523,7 +529,7 @@ Pkcs7GetCertificatesList ( //
// Decodes PKCS#7 SignedData
//
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &NewP7Data, (int) NewP7Length);
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&NewP7Data, (int)NewP7Length);
if ((Pkcs7 == NULL) || (!PKCS7_type_is_signed (Pkcs7))) {
goto _Error;
}
@@ -537,15 +543,18 @@ Pkcs7GetCertificatesList ( if ((Signers == NULL) || (sk_X509_num (Signers) != 1)) {
goto _Error;
}
+
Signer = sk_X509_value (Signers, 0);
CertCtx = X509_STORE_CTX_new ();
if (CertCtx == NULL) {
goto _Error;
}
+
if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {
goto _Error;
}
+
//
// Initialize Chained & Untrusted stack
//
@@ -553,10 +562,12 @@ Pkcs7GetCertificatesList ( CtxCert = X509_STORE_CTX_get0_cert (CertCtx);
if (CtxChain == NULL) {
if (((CtxChain = sk_X509_new_null ()) == NULL) ||
- (!sk_X509_push (CtxChain, CtxCert))) {
+ (!sk_X509_push (CtxChain, CtxCert)))
+ {
goto _Error;
}
}
+
CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
if (CtxUntrusted != NULL) {
(VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
@@ -566,7 +577,7 @@ Pkcs7GetCertificatesList ( // Build certificates stack chained from Signer's certificate.
//
Cert = Signer;
- for (; ;) {
+ for ( ; ;) {
//
// Self-Issue checking
//
@@ -581,13 +592,14 @@ Pkcs7GetCertificatesList ( // Found the issuer of the current certificate
//
if (CtxUntrusted != NULL) {
- Issuer = NULL;
+ Issuer = NULL;
IssuerName = X509_get_issuer_name (Cert);
Issuer = X509_find_by_subject (CtxUntrusted, IssuerName);
if (Issuer != NULL) {
if (!sk_X509_push (CtxChain, Issuer)) {
goto _Error;
}
+
(VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);
Cert = Issuer;
@@ -629,13 +641,14 @@ Pkcs7GetCertificatesList ( Status = FALSE;
goto _Error;
}
+
if (OldBuf != NULL) {
CopyMem (CertBuf, OldBuf, OldSize);
free (OldBuf);
OldBuf = NULL;
}
- WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);
+ WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)CertSize);
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);
free (SingleCert);
@@ -672,13 +685,14 @@ Pkcs7GetCertificatesList ( Status = FALSE;
goto _Error;
}
+
if (OldBuf != NULL) {
CopyMem (CertBuf, OldBuf, OldSize);
free (OldBuf);
OldBuf = NULL;
}
- WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);
+ WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)CertSize);
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);
free (SingleCert);
@@ -709,6 +723,7 @@ _Error: if (Pkcs7 != NULL) {
PKCS7_free (Pkcs7);
}
+
sk_X509_free (Signers);
if (CertCtx != NULL) {
@@ -768,21 +783,22 @@ Pkcs7Verify ( IN UINTN DataLength
)
{
- PKCS7 *Pkcs7;
- BIO *DataBio;
- BOOLEAN Status;
- X509 *Cert;
- X509_STORE *CertStore;
- UINT8 *SignedData;
- CONST UINT8 *Temp;
- UINTN SignedDataSize;
- BOOLEAN Wrapped;
+ PKCS7 *Pkcs7;
+ BIO *DataBio;
+ BOOLEAN Status;
+ X509 *Cert;
+ X509_STORE *CertStore;
+ UINT8 *SignedData;
+ CONST UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN Wrapped;
//
// Check input parameters.
//
- if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
- P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
+ if ((P7Data == NULL) || (TrustedCert == NULL) || (InData == NULL) ||
+ (P7Length > INT_MAX) || (CertLength > INT_MAX) || (DataLength > INT_MAX))
+ {
return FALSE;
}
@@ -797,18 +813,23 @@ Pkcs7Verify ( if (EVP_add_digest (EVP_md5 ()) == 0) {
return FALSE;
}
+
if (EVP_add_digest (EVP_sha1 ()) == 0) {
return FALSE;
}
+
if (EVP_add_digest (EVP_sha256 ()) == 0) {
return FALSE;
}
+
if (EVP_add_digest (EVP_sha384 ()) == 0) {
return FALSE;
}
+
if (EVP_add_digest (EVP_sha512 ()) == 0) {
return FALSE;
}
+
if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {
return FALSE;
}
@@ -827,8 +848,8 @@ Pkcs7Verify ( goto _Exit;
}
- Temp = SignedData;
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
+ Temp = SignedData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
@@ -844,7 +865,7 @@ Pkcs7Verify ( // Read DER-encoded root certificate and Construct X509 Certificate
//
Temp = TrustedCert;
- Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
+ Cert = d2i_X509 (NULL, &Temp, (long)CertLength);
if (Cert == NULL) {
goto _Exit;
}
@@ -856,6 +877,7 @@ Pkcs7Verify ( if (CertStore == NULL) {
goto _Exit;
}
+
if (!(X509_STORE_add_cert (CertStore, Cert))) {
goto _Exit;
}
@@ -864,7 +886,7 @@ Pkcs7Verify ( // For generic PKCS#7 handling, InData may be NULL if the content is present
// in PKCS#7 structure. So ignore NULL checking here.
//
- DataBio = BIO_new_mem_buf (InData, (int) DataLength);
+ DataBio = BIO_new_mem_buf (InData, (int)DataLength);
if (DataBio == NULL) {
goto _Exit;
}
@@ -873,8 +895,10 @@ Pkcs7Verify ( // Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
//
- X509_STORE_set_flags (CertStore,
- X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+ X509_STORE_set_flags (
+ CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
+ );
//
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
@@ -886,7 +910,7 @@ Pkcs7Verify ( //
// Verifies the PKCS#7 signedData structure
//
- Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
+ Status = (BOOLEAN)PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
_Exit:
//
@@ -903,4 +927,3 @@ _Exit: return Status;
}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c index 40cc39afe7..833b29ae97 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c @@ -64,19 +64,20 @@ **/
EFI_STATUS
GetSignerCertificate (
- IN CONST PKCS7 *CertChain,
- OUT X509 **SignerCert
+ IN CONST PKCS7 *CertChain,
+ OUT X509 **SignerCert
)
{
- EFI_STATUS Status;
- STACK_OF(X509) *Signers;
- INT32 NumberSigners;
+ EFI_STATUS Status;
- Status = EFI_SUCCESS;
- Signers = NULL;
- NumberSigners = 0;
+ STACK_OF (X509) *Signers;
+ INT32 NumberSigners;
- if (CertChain == NULL || SignerCert == NULL) {
+ Status = EFI_SUCCESS;
+ Signers = NULL;
+ NumberSigners = 0;
+
+ if ((CertChain == NULL) || (SignerCert == NULL)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -84,7 +85,7 @@ GetSignerCertificate ( //
// Get the signers from the chain.
//
- Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY);
+ Signers = PKCS7_get0_signers ((PKCS7 *)CertChain, NULL, PKCS7_BINARY);
if (Signers == NULL) {
//
// Fail to get signers form PKCS7
@@ -118,7 +119,6 @@ Exit: return Status;
}
-
/**
Determines if the specified EKU represented in ASN1 form is present
in a given certificate.
@@ -134,8 +134,8 @@ Exit: **/
EFI_STATUS
IsEkuInCertificate (
- IN CONST X509 *Cert,
- IN ASN1_OBJECT *Asn1ToFind
+ IN CONST X509 *Cert,
+ IN ASN1_OBJECT *Asn1ToFind
)
{
EFI_STATUS Status;
@@ -147,15 +147,15 @@ IsEkuInCertificate ( ASN1_OBJECT *Asn1InCert;
INTN Index;
- Status = EFI_NOT_FOUND;
- ClonedCert = NULL;
- Extension = NULL;
- Eku = NULL;
- ExtensionIndex = -1;
- NumExtensions = 0;
- Asn1InCert = NULL;
+ Status = EFI_NOT_FOUND;
+ ClonedCert = NULL;
+ Extension = NULL;
+ Eku = NULL;
+ ExtensionIndex = -1;
+ NumExtensions = 0;
+ Asn1InCert = NULL;
- if (Cert == NULL || Asn1ToFind == NULL) {
+ if ((Cert == NULL) || (Asn1ToFind == NULL)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -164,7 +164,7 @@ IsEkuInCertificate ( // Clone the certificate. This is required because the Extension API's
// only work once per instance of an X509 object.
//
- ClonedCert = X509_dup ((X509*)Cert);
+ ClonedCert = X509_dup ((X509 *)Cert);
if (ClonedCert == NULL) {
//
// Fail to duplicate cert.
@@ -193,7 +193,7 @@ IsEkuInCertificate ( goto Exit;
}
- Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension);
+ Eku = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i (Extension);
if (Eku == NULL) {
//
// Fail to get Eku from extension.
@@ -215,8 +215,9 @@ IsEkuInCertificate ( goto Exit;
}
- if (Asn1InCert->length == Asn1ToFind->length &&
- CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0) {
+ if ((Asn1InCert->length == Asn1ToFind->length) &&
+ (CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0))
+ {
//
// Found Eku in certificate.
//
@@ -241,7 +242,6 @@ Exit: return Status;
}
-
/**
Determines if the specified EKUs are present in a signing certificate.
@@ -256,23 +256,23 @@ Exit: @retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
**/
EFI_STATUS
-CheckEKUs(
- IN CONST X509 *SignerCert,
- IN CONST CHAR8 *RequiredEKUs[],
- IN CONST UINT32 RequiredEKUsSize,
- IN BOOLEAN RequireAllPresent
+CheckEKUs (
+ IN CONST X509 *SignerCert,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
)
{
- EFI_STATUS Status;
- ASN1_OBJECT *Asn1ToFind;
- UINT32 NumEkusFound;
- UINT32 Index;
+ EFI_STATUS Status;
+ ASN1_OBJECT *Asn1ToFind;
+ UINT32 NumEkusFound;
+ UINT32 Index;
Status = EFI_SUCCESS;
Asn1ToFind = NULL;
NumEkusFound = 0;
- if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) {
+ if ((SignerCert == NULL) || (RequiredEKUs == NULL) || (RequiredEKUsSize == 0)) {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -282,7 +282,7 @@ CheckEKUs( // Finding required EKU in cert.
//
if (Asn1ToFind != NULL) {
- ASN1_OBJECT_free(Asn1ToFind);
+ ASN1_OBJECT_free (Asn1ToFind);
Asn1ToFind = NULL;
}
@@ -314,11 +314,12 @@ CheckEKUs( Exit:
if (Asn1ToFind != NULL) {
- ASN1_OBJECT_free(Asn1ToFind);
+ ASN1_OBJECT_free (Asn1ToFind);
}
if (RequireAllPresent &&
- NumEkusFound == RequiredEKUsSize) {
+ (NumEkusFound == RequiredEKUsSize))
+ {
//
// Found all required EKUs in certificate.
//
@@ -361,43 +362,45 @@ Exit: EFI_STATUS
EFIAPI
VerifyEKUsInPkcs7Signature (
- IN CONST UINT8 *Pkcs7Signature,
- IN CONST UINT32 SignatureSize,
- IN CONST CHAR8 *RequiredEKUs[],
- IN CONST UINT32 RequiredEKUsSize,
- IN BOOLEAN RequireAllPresent
+ IN CONST UINT8 *Pkcs7Signature,
+ IN CONST UINT32 SignatureSize,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
)
{
- EFI_STATUS Status;
- PKCS7 *Pkcs7;
- STACK_OF(X509) *CertChain;
- INT32 SignatureType;
- INT32 NumberCertsInSignature;
- X509 *SignerCert;
- UINT8 *SignedData;
- UINT8 *Temp;
- UINTN SignedDataSize;
- BOOLEAN IsWrapped;
- BOOLEAN Ok;
-
- Status = EFI_SUCCESS;
- Pkcs7 = NULL;
- CertChain = NULL;
- SignatureType = 0;
- NumberCertsInSignature = 0;
- SignerCert = NULL;
- SignedData = NULL;
- SignedDataSize = 0;
- IsWrapped = FALSE;
- Ok = FALSE;
+ EFI_STATUS Status;
+ PKCS7 *Pkcs7;
+
+ STACK_OF (X509) *CertChain;
+ INT32 SignatureType;
+ INT32 NumberCertsInSignature;
+ X509 *SignerCert;
+ UINT8 *SignedData;
+ UINT8 *Temp;
+ UINTN SignedDataSize;
+ BOOLEAN IsWrapped;
+ BOOLEAN Ok;
+
+ Status = EFI_SUCCESS;
+ Pkcs7 = NULL;
+ CertChain = NULL;
+ SignatureType = 0;
+ NumberCertsInSignature = 0;
+ SignerCert = NULL;
+ SignedData = NULL;
+ SignedDataSize = 0;
+ IsWrapped = FALSE;
+ Ok = FALSE;
//
- //Validate the input parameters.
+ // Validate the input parameters.
//
- if (Pkcs7Signature == NULL ||
- SignatureSize == 0 ||
- RequiredEKUs == NULL ||
- RequiredEKUsSize == 0) {
+ if ((Pkcs7Signature == NULL) ||
+ (SignatureSize == 0) ||
+ (RequiredEKUs == NULL) ||
+ (RequiredEKUsSize == 0))
+ {
Status = EFI_INVALID_PARAMETER;
goto Exit;
}
@@ -409,11 +412,13 @@ VerifyEKUsInPkcs7Signature ( //
// Wrap the PKCS7 data if needed.
//
- Ok = WrapPkcs7Data (Pkcs7Signature,
- SignatureSize,
- &IsWrapped,
- &SignedData,
- &SignedDataSize);
+ Ok = WrapPkcs7Data (
+ Pkcs7Signature,
+ SignatureSize,
+ &IsWrapped,
+ &SignedData,
+ &SignedDataSize
+ );
if (!Ok) {
//
// Fail to Wrap the PKCS7 data.
@@ -441,18 +446,20 @@ VerifyEKUsInPkcs7Signature ( //
SignatureType = OBJ_obj2nid (Pkcs7->type);
switch (SignatureType) {
- case NID_pkcs7_signed:
- if (Pkcs7->d.sign != NULL) {
- CertChain = Pkcs7->d.sign->cert;
- }
- break;
- case NID_pkcs7_signedAndEnveloped:
- if (Pkcs7->d.signed_and_enveloped != NULL) {
- CertChain = Pkcs7->d.signed_and_enveloped->cert;
- }
- break;
- default:
- break;
+ case NID_pkcs7_signed:
+ if (Pkcs7->d.sign != NULL) {
+ CertChain = Pkcs7->d.sign->cert;
+ }
+
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ if (Pkcs7->d.signed_and_enveloped != NULL) {
+ CertChain = Pkcs7->d.signed_and_enveloped->cert;
+ }
+
+ break;
+ default:
+ break;
}
//
@@ -483,7 +490,7 @@ VerifyEKUsInPkcs7Signature ( // Get the leaf signer.
//
Status = GetSignerCertificate (Pkcs7, &SignerCert);
- if (Status != EFI_SUCCESS || SignerCert == NULL) {
+ if ((Status != EFI_SUCCESS) || (SignerCert == NULL)) {
//
// Fail to get the end-entity leaf signer certificate.
//
@@ -514,4 +521,3 @@ Exit: return Status;
}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c index aea5d30a6f..9ac122ac07 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c @@ -44,14 +44,13 @@ EFI_STATUS
EFIAPI
VerifyEKUsInPkcs7Signature (
- IN CONST UINT8 *Pkcs7Signature,
- IN CONST UINT32 SignatureSize,
- IN CONST CHAR8 *RequiredEKUs[],
- IN CONST UINT32 RequiredEKUsSize,
- IN BOOLEAN RequireAllPresent
+ IN CONST UINT8 *Pkcs7Signature,
+ IN CONST UINT32 SignatureSize,
+ IN CONST CHAR8 *RequiredEKUs[],
+ IN CONST UINT32 RequiredEKUsSize,
+ IN BOOLEAN RequireAllPresent
)
{
ASSERT (FALSE);
return RETURN_UNSUPPORTED;
}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c index 0ddf16a61b..b9b7960126 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyNull.c @@ -57,7 +57,7 @@ Pkcs7GetSigners ( VOID
EFIAPI
Pkcs7FreeSigners (
- IN UINT8 *Certs
+ IN UINT8 *Certs
)
{
ASSERT (FALSE);
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c index 1b0cda1821..3c17b203aa 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c @@ -36,4 +36,3 @@ Pkcs7GetAttachedContent ( ASSERT (FALSE);
return FALSE;
}
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c index d24e1fdf68..5bd740bf75 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -34,7 +34,7 @@ RsaNew ( //
// Allocates & Initializes RSA Context by OpenSSL RSA_new()
//
- return (VOID *) RSA_new ();
+ return (VOID *)RSA_new ();
}
/**
@@ -52,7 +52,7 @@ RsaFree ( //
// Free OpenSSL RSA Context
//
- RSA_free ((RSA *) RsaContext);
+ RSA_free ((RSA *)RsaContext);
}
/**
@@ -99,7 +99,7 @@ RsaSetKey ( //
// Check input parameters.
//
- if (RsaContext == NULL || BnSize > INT_MAX) {
+ if ((RsaContext == NULL) || (BnSize > INT_MAX)) {
return FALSE;
}
@@ -115,7 +115,7 @@ RsaSetKey ( //
// Retrieve the components from RSA object.
//
- RsaKey = (RSA *) RsaContext;
+ RsaKey = (RSA *)RsaContext;
RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);
RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);
RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);
@@ -126,118 +126,127 @@ RsaSetKey ( // (N, e) are needed.
//
switch (KeyTag) {
-
- //
- // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
- //
- case RsaKeyN:
- case RsaKeyE:
- case RsaKeyD:
- if (BnN == NULL) {
- BnN = BN_new ();
- }
- if (BnE == NULL) {
- BnE = BN_new ();
- }
- if (BnD == NULL) {
- BnD = BN_new ();
- }
-
- if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {
- return FALSE;
- }
-
- switch (KeyTag) {
+ //
+ // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
+ //
case RsaKeyN:
- BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);
- break;
case RsaKeyE:
- BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);
- break;
case RsaKeyD:
- BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);
- break;
- default:
- return FALSE;
- }
- if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) {
- return FALSE;
- }
+ if (BnN == NULL) {
+ BnN = BN_new ();
+ }
+
+ if (BnE == NULL) {
+ BnE = BN_new ();
+ }
+
+ if (BnD == NULL) {
+ BnD = BN_new ();
+ }
+
+ if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {
+ return FALSE;
+ }
+
+ switch (KeyTag) {
+ case RsaKeyN:
+ BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);
+ break;
+ case RsaKeyE:
+ BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);
+ break;
+ case RsaKeyD:
+ BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {
+ return FALSE;
+ }
- break;
-
- //
- // RSA Secret Prime Factor of Modulus (p and q)
- //
- case RsaKeyP:
- case RsaKeyQ:
- if (BnP == NULL) {
- BnP = BN_new ();
- }
- if (BnQ == NULL) {
- BnQ = BN_new ();
- }
- if ((BnP == NULL) || (BnQ == NULL)) {
- return FALSE;
- }
+ break;
- switch (KeyTag) {
+ //
+ // RSA Secret Prime Factor of Modulus (p and q)
+ //
case RsaKeyP:
- BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);
- break;
case RsaKeyQ:
- BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);
- break;
- default:
- return FALSE;
- }
- if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) {
- return FALSE;
- }
+ if (BnP == NULL) {
+ BnP = BN_new ();
+ }
+
+ if (BnQ == NULL) {
+ BnQ = BN_new ();
+ }
+
+ if ((BnP == NULL) || (BnQ == NULL)) {
+ return FALSE;
+ }
+
+ switch (KeyTag) {
+ case RsaKeyP:
+ BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);
+ break;
+ case RsaKeyQ:
+ BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {
+ return FALSE;
+ }
- break;
-
- //
- // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),
- // and CRT Coefficient (== 1/q mod p)
- //
- case RsaKeyDp:
- case RsaKeyDq:
- case RsaKeyQInv:
- if (BnDp == NULL) {
- BnDp = BN_new ();
- }
- if (BnDq == NULL) {
- BnDq = BN_new ();
- }
- if (BnQInv == NULL) {
- BnQInv = BN_new ();
- }
- if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
- return FALSE;
- }
+ break;
- switch (KeyTag) {
+ //
+ // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),
+ // and CRT Coefficient (== 1/q mod p)
+ //
case RsaKeyDp:
- BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);
- break;
case RsaKeyDq:
- BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);
- break;
case RsaKeyQInv:
- BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);
+ if (BnDp == NULL) {
+ BnDp = BN_new ();
+ }
+
+ if (BnDq == NULL) {
+ BnDq = BN_new ();
+ }
+
+ if (BnQInv == NULL) {
+ BnQInv = BN_new ();
+ }
+
+ if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
+ return FALSE;
+ }
+
+ switch (KeyTag) {
+ case RsaKeyDp:
+ BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);
+ break;
+ case RsaKeyDq:
+ BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);
+ break;
+ case RsaKeyQInv:
+ BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {
+ return FALSE;
+ }
+
break;
+
default:
return FALSE;
- }
- if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) {
- return FALSE;
- }
-
- break;
-
- default:
- return FALSE;
}
return TRUE;
@@ -272,17 +281,17 @@ RsaPkcs1Verify ( IN UINTN SigSize
)
{
- INT32 DigestType;
- UINT8 *SigBuf;
+ INT32 DigestType;
+ UINT8 *SigBuf;
//
// Check input parameters.
//
- if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
+ if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {
return FALSE;
}
- if (SigSize > INT_MAX || SigSize == 0) {
+ if ((SigSize > INT_MAX) || (SigSize == 0)) {
return FALSE;
}
@@ -291,37 +300,37 @@ RsaPkcs1Verify ( // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
//
switch (HashSize) {
- case MD5_DIGEST_SIZE:
- DigestType = NID_md5;
- break;
+ case MD5_DIGEST_SIZE:
+ DigestType = NID_md5;
+ break;
- case SHA1_DIGEST_SIZE:
- DigestType = NID_sha1;
- break;
+ case SHA1_DIGEST_SIZE:
+ DigestType = NID_sha1;
+ break;
- case SHA256_DIGEST_SIZE:
- DigestType = NID_sha256;
- break;
+ case SHA256_DIGEST_SIZE:
+ DigestType = NID_sha256;
+ break;
- case SHA384_DIGEST_SIZE:
- DigestType = NID_sha384;
- break;
+ case SHA384_DIGEST_SIZE:
+ DigestType = NID_sha384;
+ break;
- case SHA512_DIGEST_SIZE:
- DigestType = NID_sha512;
- break;
+ case SHA512_DIGEST_SIZE:
+ DigestType = NID_sha512;
+ break;
- default:
- return FALSE;
+ default:
+ return FALSE;
}
- SigBuf = (UINT8 *) Signature;
- return (BOOLEAN) RSA_verify (
- DigestType,
- MessageHash,
- (UINT32) HashSize,
- SigBuf,
- (UINT32) SigSize,
- (RSA *) RsaContext
- );
+ SigBuf = (UINT8 *)Signature;
+ return (BOOLEAN)RSA_verify (
+ DigestType,
+ MessageHash,
+ (UINT32)HashSize,
+ SigBuf,
+ (UINT32)SigSize,
+ (RSA *)RsaContext
+ );
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c index 7cd5fecf04..d414ce83f9 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -54,82 +54,81 @@ RsaGetKey ( IN OUT UINTN *BnSize
)
{
- RSA *RsaKey;
- BIGNUM *BnKey;
- UINTN Size;
+ RSA *RsaKey;
+ BIGNUM *BnKey;
+ UINTN Size;
//
// Check input parameters.
//
- if (RsaContext == NULL || BnSize == NULL) {
+ if ((RsaContext == NULL) || (BnSize == NULL)) {
return FALSE;
}
- RsaKey = (RSA *) RsaContext;
+ RsaKey = (RSA *)RsaContext;
Size = *BnSize;
*BnSize = 0;
BnKey = NULL;
switch (KeyTag) {
-
- //
- // RSA Public Modulus (N)
- //
- case RsaKeyN:
- RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
- break;
-
- //
- // RSA Public Exponent (e)
- //
- case RsaKeyE:
- RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
- break;
-
- //
- // RSA Private Exponent (d)
- //
- case RsaKeyD:
- RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
- break;
-
- //
- // RSA Secret Prime Factor of Modulus (p)
- //
- case RsaKeyP:
- RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
- break;
-
- //
- // RSA Secret Prime Factor of Modules (q)
- //
- case RsaKeyQ:
- RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
- break;
-
- //
- // p's CRT Exponent (== d mod (p - 1))
- //
- case RsaKeyDp:
- RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
- break;
-
- //
- // q's CRT Exponent (== d mod (q - 1))
- //
- case RsaKeyDq:
- RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
- break;
-
- //
- // The CRT Coefficient (== 1/q mod p)
- //
- case RsaKeyQInv:
- RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
- break;
-
- default:
- return FALSE;
+ //
+ // RSA Public Modulus (N)
+ //
+ case RsaKeyN:
+ RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
+ break;
+
+ //
+ // RSA Public Exponent (e)
+ //
+ case RsaKeyE:
+ RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
+ break;
+
+ //
+ // RSA Private Exponent (d)
+ //
+ case RsaKeyD:
+ RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modulus (p)
+ //
+ case RsaKeyP:
+ RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modules (q)
+ //
+ case RsaKeyQ:
+ RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
+ break;
+
+ //
+ // p's CRT Exponent (== d mod (p - 1))
+ //
+ case RsaKeyDp:
+ RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
+ break;
+
+ //
+ // q's CRT Exponent (== d mod (q - 1))
+ //
+ case RsaKeyDq:
+ RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
+ break;
+
+ //
+ // The CRT Coefficient (== 1/q mod p)
+ //
+ case RsaKeyQInv:
+ RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
+ break;
+
+ default:
+ return FALSE;
}
if (BnKey == NULL) {
@@ -148,7 +147,8 @@ RsaGetKey ( *BnSize = Size;
return TRUE;
}
- *BnSize = BN_bn2bin (BnKey, BigNumber) ;
+
+ *BnSize = BN_bn2bin (BnKey, BigNumber);
return TRUE;
}
@@ -189,7 +189,7 @@ RsaGenerateKey ( //
// Check input parameters.
//
- if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
+ if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {
return FALSE;
}
@@ -205,13 +205,13 @@ RsaGenerateKey ( goto _Exit;
}
} else {
- if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
+ if (BN_bin2bn (PublicExponent, (UINT32)PublicExponentSize, KeyE) == NULL) {
goto _Exit;
}
}
- if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
- RetVal = TRUE;
+ if (RSA_generate_key_ex ((RSA *)RsaContext, (UINT32)ModulusLength, KeyE, NULL) == 1) {
+ RetVal = TRUE;
}
_Exit:
@@ -253,12 +253,13 @@ RsaCheckKey ( return FALSE;
}
- if (RSA_check_key ((RSA *) RsaContext) != 1) {
+ if (RSA_check_key ((RSA *)RsaContext) != 1) {
Reason = ERR_GET_REASON (ERR_peek_last_error ());
- if (Reason == RSA_R_P_NOT_PRIME ||
- Reason == RSA_R_Q_NOT_PRIME ||
- Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
- Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
+ if ((Reason == RSA_R_P_NOT_PRIME) ||
+ (Reason == RSA_R_Q_NOT_PRIME) ||
+ (Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q) ||
+ (Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1))
+ {
return FALSE;
}
}
@@ -301,18 +302,18 @@ RsaPkcs1Sign ( IN OUT UINTN *SigSize
)
{
- RSA *Rsa;
- UINTN Size;
- INT32 DigestType;
+ RSA *Rsa;
+ UINTN Size;
+ INT32 DigestType;
//
// Check input parameters.
//
- if (RsaContext == NULL || MessageHash == NULL) {
+ if ((RsaContext == NULL) || (MessageHash == NULL)) {
return FALSE;
}
- Rsa = (RSA *) RsaContext;
+ Rsa = (RSA *)RsaContext;
Size = RSA_size (Rsa);
if (*SigSize < Size) {
@@ -329,36 +330,36 @@ RsaPkcs1Sign ( // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
//
switch (HashSize) {
- case MD5_DIGEST_SIZE:
- DigestType = NID_md5;
- break;
+ case MD5_DIGEST_SIZE:
+ DigestType = NID_md5;
+ break;
- case SHA1_DIGEST_SIZE:
- DigestType = NID_sha1;
- break;
+ case SHA1_DIGEST_SIZE:
+ DigestType = NID_sha1;
+ break;
- case SHA256_DIGEST_SIZE:
- DigestType = NID_sha256;
- break;
+ case SHA256_DIGEST_SIZE:
+ DigestType = NID_sha256;
+ break;
- case SHA384_DIGEST_SIZE:
- DigestType = NID_sha384;
- break;
+ case SHA384_DIGEST_SIZE:
+ DigestType = NID_sha384;
+ break;
- case SHA512_DIGEST_SIZE:
- DigestType = NID_sha512;
- break;
+ case SHA512_DIGEST_SIZE:
+ DigestType = NID_sha512;
+ break;
- default:
- return FALSE;
+ default:
+ return FALSE;
}
- return (BOOLEAN) RSA_sign (
- DigestType,
- MessageHash,
- (UINT32) HashSize,
- Signature,
- (UINT32 *) SigSize,
- (RSA *) RsaContext
- );
+ return (BOOLEAN)RSA_sign (
+ DigestType,
+ MessageHash,
+ (UINT32)HashSize,
+ Signature,
+ (UINT32 *)SigSize,
+ (RSA *)RsaContext
+ );
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c index 260cb00e65..9aeadcf96b 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c @@ -115,5 +115,3 @@ RsaPkcs1Sign ( ASSERT (FALSE);
return FALSE;
}
-
-
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c index 37075ea65a..bdc9155e1f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c @@ -16,7 +16,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <openssl/objects.h>
#include <openssl/evp.h>
-
/**
Retrieve a pointer to EVP message digest object.
@@ -25,27 +24,26 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/
STATIC
const
-EVP_MD*
+EVP_MD *
GetEvpMD (
- IN UINT16 DigestLen
+ IN UINT16 DigestLen
)
{
- switch (DigestLen){
+ switch (DigestLen) {
case SHA256_DIGEST_SIZE:
- return EVP_sha256();
+ return EVP_sha256 ();
break;
case SHA384_DIGEST_SIZE:
- return EVP_sha384();
+ return EVP_sha384 ();
break;
case SHA512_DIGEST_SIZE:
- return EVP_sha512();
+ return EVP_sha512 ();
break;
default:
return NULL;
}
}
-
/**
Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
@@ -76,76 +74,84 @@ RsaPssVerify ( IN UINT16 SaltLen
)
{
- BOOLEAN Result;
- EVP_PKEY *EvpRsaKey;
- EVP_MD_CTX *EvpVerifyCtx;
- EVP_PKEY_CTX *KeyCtx;
+ BOOLEAN Result;
+ EVP_PKEY *EvpRsaKey;
+ EVP_MD_CTX *EvpVerifyCtx;
+ EVP_PKEY_CTX *KeyCtx;
CONST EVP_MD *HashAlg;
- Result = FALSE;
- EvpRsaKey = NULL;
+ Result = FALSE;
+ EvpRsaKey = NULL;
EvpVerifyCtx = NULL;
- KeyCtx = NULL;
- HashAlg = NULL;
+ KeyCtx = NULL;
+ HashAlg = NULL;
if (RsaContext == NULL) {
return FALSE;
}
- if (Message == NULL || MsgSize == 0 || MsgSize > INT_MAX) {
+
+ if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
return FALSE;
}
- if (Signature == NULL || SigSize == 0 || SigSize > INT_MAX) {
+
+ if ((Signature == NULL) || (SigSize == 0) || (SigSize > INT_MAX)) {
return FALSE;
}
+
if (SaltLen != DigestLen) {
return FALSE;
}
- HashAlg = GetEvpMD(DigestLen);
+ HashAlg = GetEvpMD (DigestLen);
if (HashAlg == NULL) {
return FALSE;
}
- EvpRsaKey = EVP_PKEY_new();
+ EvpRsaKey = EVP_PKEY_new ();
if (EvpRsaKey == NULL) {
goto _Exit;
}
- EVP_PKEY_set1_RSA(EvpRsaKey, RsaContext);
+ EVP_PKEY_set1_RSA (EvpRsaKey, RsaContext);
- EvpVerifyCtx = EVP_MD_CTX_create();
+ EvpVerifyCtx = EVP_MD_CTX_create ();
if (EvpVerifyCtx == NULL) {
goto _Exit;
}
- Result = EVP_DigestVerifyInit(EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
+ Result = EVP_DigestVerifyInit (EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
if (KeyCtx == NULL) {
goto _Exit;
}
if (Result) {
- Result = EVP_PKEY_CTX_set_rsa_padding(KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
+ Result = EVP_PKEY_CTX_set_rsa_padding (KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
}
+
if (Result) {
- Result = EVP_PKEY_CTX_set_rsa_pss_saltlen(KeyCtx, SaltLen) > 0;
+ Result = EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx, SaltLen) > 0;
}
+
if (Result) {
- Result = EVP_PKEY_CTX_set_rsa_mgf1_md(KeyCtx, HashAlg) > 0;
+ Result = EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx, HashAlg) > 0;
}
+
if (Result) {
- Result = EVP_DigestVerifyUpdate(EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
+ Result = EVP_DigestVerifyUpdate (EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
}
+
if (Result) {
- Result = EVP_DigestVerifyFinal(EvpVerifyCtx, Signature, (UINT32)SigSize) > 0;
+ Result = EVP_DigestVerifyFinal (EvpVerifyCtx, Signature, (UINT32)SigSize) > 0;
}
-_Exit :
+_Exit:
if (EvpRsaKey != NULL) {
- EVP_PKEY_free(EvpRsaKey);
+ EVP_PKEY_free (EvpRsaKey);
}
+
if (EvpVerifyCtx != NULL) {
- EVP_MD_CTX_destroy(EvpVerifyCtx);
+ EVP_MD_CTX_destroy (EvpVerifyCtx);
}
return Result;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c index 06187ff4ba..07c24f6e8d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c @@ -16,7 +16,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <openssl/objects.h>
#include <openssl/evp.h>
-
/**
Retrieve a pointer to EVP message digest object.
@@ -25,27 +24,26 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/
STATIC
const
-EVP_MD*
+EVP_MD *
GetEvpMD (
- IN UINT16 DigestLen
+ IN UINT16 DigestLen
)
{
- switch (DigestLen){
+ switch (DigestLen) {
case SHA256_DIGEST_SIZE:
- return EVP_sha256();
+ return EVP_sha256 ();
break;
case SHA384_DIGEST_SIZE:
- return EVP_sha384();
+ return EVP_sha384 ();
break;
case SHA512_DIGEST_SIZE:
- return EVP_sha512();
+ return EVP_sha512 ();
break;
default:
return NULL;
}
}
-
/**
Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.
@@ -90,23 +88,24 @@ RsaPssSign ( IN OUT UINTN *SigSize
)
{
- BOOLEAN Result;
- UINTN RsaSigSize;
- EVP_PKEY *EvpRsaKey;
- EVP_MD_CTX *EvpVerifyCtx;
- EVP_PKEY_CTX *KeyCtx;
- CONST EVP_MD *HashAlg;
-
- Result = FALSE;
- EvpRsaKey = NULL;
+ BOOLEAN Result;
+ UINTN RsaSigSize;
+ EVP_PKEY *EvpRsaKey;
+ EVP_MD_CTX *EvpVerifyCtx;
+ EVP_PKEY_CTX *KeyCtx;
+ CONST EVP_MD *HashAlg;
+
+ Result = FALSE;
+ EvpRsaKey = NULL;
EvpVerifyCtx = NULL;
- KeyCtx = NULL;
- HashAlg = NULL;
+ KeyCtx = NULL;
+ HashAlg = NULL;
if (RsaContext == NULL) {
return FALSE;
}
- if (Message == NULL || MsgSize == 0 || MsgSize > INT_MAX) {
+
+ if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
return FALSE;
}
@@ -124,51 +123,56 @@ RsaPssSign ( return FALSE;
}
- HashAlg = GetEvpMD(DigestLen);
+ HashAlg = GetEvpMD (DigestLen);
if (HashAlg == NULL) {
return FALSE;
}
- EvpRsaKey = EVP_PKEY_new();
+ EvpRsaKey = EVP_PKEY_new ();
if (EvpRsaKey == NULL) {
goto _Exit;
}
- EVP_PKEY_set1_RSA(EvpRsaKey, RsaContext);
+ EVP_PKEY_set1_RSA (EvpRsaKey, RsaContext);
- EvpVerifyCtx = EVP_MD_CTX_create();
+ EvpVerifyCtx = EVP_MD_CTX_create ();
if (EvpVerifyCtx == NULL) {
goto _Exit;
}
- Result = EVP_DigestSignInit(EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
+ Result = EVP_DigestSignInit (EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
if (KeyCtx == NULL) {
goto _Exit;
}
if (Result) {
- Result = EVP_PKEY_CTX_set_rsa_padding(KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
+ Result = EVP_PKEY_CTX_set_rsa_padding (KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
}
+
if (Result) {
- Result = EVP_PKEY_CTX_set_rsa_pss_saltlen(KeyCtx, SaltLen) > 0;
+ Result = EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx, SaltLen) > 0;
}
+
if (Result) {
- Result = EVP_PKEY_CTX_set_rsa_mgf1_md(KeyCtx, HashAlg) > 0;
+ Result = EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx, HashAlg) > 0;
}
+
if (Result) {
- Result = EVP_DigestSignUpdate(EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
+ Result = EVP_DigestSignUpdate (EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
}
+
if (Result) {
- Result = EVP_DigestSignFinal(EvpVerifyCtx, Signature, SigSize) > 0;
+ Result = EVP_DigestSignFinal (EvpVerifyCtx, Signature, SigSize) > 0;
}
-_Exit :
+_Exit:
if (EvpRsaKey != NULL) {
- EVP_PKEY_free(EvpRsaKey);
+ EVP_PKEY_free (EvpRsaKey);
}
+
if (EvpVerifyCtx != NULL) {
- EVP_MD_CTX_destroy(EvpVerifyCtx);
+ EVP_MD_CTX_destroy (EvpVerifyCtx);
}
return Result;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c index 970e9b94a0..f118f2e9d6 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c @@ -21,9 +21,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent //
// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1")
//
-UINT8 mSpcRFC3161OidValue[] = {
+UINT8 mSpcRFC3161OidValue[] = {
0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
- };
+};
///
/// The messageImprint field SHOULD contain the hash of the datum to be
@@ -36,8 +36,8 @@ UINT8 mSpcRFC3161OidValue[] = { /// hashedMessage OCTET STRING }
///
typedef struct {
- X509_ALGOR *HashAlgorithm;
- ASN1_OCTET_STRING *HashedMessage;
+ X509_ALGOR *HashAlgorithm;
+ ASN1_OCTET_STRING *HashedMessage;
} TS_MESSAGE_IMPRINT;
//
@@ -60,9 +60,9 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT) /// micros [1] INTEGER (1..999) OPTIONAL }
///
typedef struct {
- ASN1_INTEGER *Seconds;
- ASN1_INTEGER *Millis;
- ASN1_INTEGER *Micros;
+ ASN1_INTEGER *Seconds;
+ ASN1_INTEGER *Millis;
+ ASN1_INTEGER *Micros;
} TS_ACCURACY;
//
@@ -70,7 +70,7 @@ typedef struct { //
DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)
ASN1_SEQUENCE (TS_ACCURACY) = {
- ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
+ ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0),
ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1)
} ASN1_SEQUENCE_END (TS_ACCURACY)
@@ -99,16 +99,16 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY) /// extensions [1] IMPLICIT Extensions OPTIONAL }
///
typedef struct {
- ASN1_INTEGER *Version;
- ASN1_OBJECT *Policy;
- TS_MESSAGE_IMPRINT *MessageImprint;
- ASN1_INTEGER *SerialNumber;
- ASN1_GENERALIZEDTIME *GenTime;
- TS_ACCURACY *Accuracy;
- ASN1_BOOLEAN Ordering;
- ASN1_INTEGER *Nonce;
- GENERAL_NAME *Tsa;
- STACK_OF(X509_EXTENSION) *Extensions;
+ ASN1_INTEGER *Version;
+ ASN1_OBJECT *Policy;
+ TS_MESSAGE_IMPRINT *MessageImprint;
+ ASN1_INTEGER *SerialNumber;
+ ASN1_GENERALIZEDTIME *GenTime;
+ TS_ACCURACY *Accuracy;
+ ASN1_BOOLEAN Ordering;
+ ASN1_INTEGER *Nonce;
+ GENERAL_NAME *Tsa;
+ STACK_OF (X509_EXTENSION) *Extensions;
} TS_TST_INFO;
//
@@ -116,20 +116,19 @@ typedef struct { //
DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)
ASN1_SEQUENCE (TS_TST_INFO) = {
- ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
- ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
- ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
- ASN1_SIMPLE (TS_TST_INFO, SerialNumber, ASN1_INTEGER),
- ASN1_SIMPLE (TS_TST_INFO, GenTime, ASN1_GENERALIZEDTIME),
- ASN1_OPT (TS_TST_INFO, Accuracy, TS_ACCURACY),
- ASN1_OPT (TS_TST_INFO, Ordering, ASN1_FBOOLEAN),
- ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
- ASN1_EXP_OPT(TS_TST_INFO, Tsa, GENERAL_NAME, 0),
- ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
+ ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
+ ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
+ ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
+ ASN1_SIMPLE (TS_TST_INFO, SerialNumber, ASN1_INTEGER),
+ ASN1_SIMPLE (TS_TST_INFO, GenTime, ASN1_GENERALIZEDTIME),
+ ASN1_OPT (TS_TST_INFO, Accuracy, TS_ACCURACY),
+ ASN1_OPT (TS_TST_INFO, Ordering, ASN1_FBOOLEAN),
+ ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
+ ASN1_EXP_OPT (TS_TST_INFO, Tsa, GENERAL_NAME, 0),
+ ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END (TS_TST_INFO)
IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
-
/**
Convert ASN.1 GeneralizedTime to EFI Time.
@@ -154,17 +153,19 @@ ConvertAsn1TimeToEfiTime ( return FALSE;
}
- Str = (CONST CHAR8*)Asn1Time->data;
+ Str = (CONST CHAR8 *)Asn1Time->data;
SetMem (EfiTime, sizeof (EFI_TIME), 0);
Index = 0;
- if (Asn1Time->type == V_ASN1_UTCTIME) { /* two digit year */
+ if (Asn1Time->type == V_ASN1_UTCTIME) {
+ /* two digit year */
EfiTime->Year = (Str[Index++] - '0') * 10;
EfiTime->Year += (Str[Index++] - '0');
if (EfiTime->Year < 70) {
EfiTime->Year += 100;
}
- } else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) { /* four digit year */
+ } else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) {
+ /* four digit year */
EfiTime->Year = (Str[Index++] - '0') * 1000;
EfiTime->Year += (Str[Index++] - '0') * 100;
EfiTime->Year += (Str[Index++] - '0') * 10;
@@ -174,20 +175,20 @@ ConvertAsn1TimeToEfiTime ( }
}
- EfiTime->Month = (Str[Index++] - '0') * 10;
- EfiTime->Month += (Str[Index++] - '0');
+ EfiTime->Month = (Str[Index++] - '0') * 10;
+ EfiTime->Month += (Str[Index++] - '0');
if ((EfiTime->Month < 1) || (EfiTime->Month > 12)) {
return FALSE;
}
- EfiTime->Day = (Str[Index++] - '0') * 10;
- EfiTime->Day += (Str[Index++] - '0');
+ EfiTime->Day = (Str[Index++] - '0') * 10;
+ EfiTime->Day += (Str[Index++] - '0');
if ((EfiTime->Day < 1) || (EfiTime->Day > 31)) {
return FALSE;
}
- EfiTime->Hour = (Str[Index++] - '0') * 10;
- EfiTime->Hour += (Str[Index++] - '0');
+ EfiTime->Hour = (Str[Index++] - '0') * 10;
+ EfiTime->Hour += (Str[Index++] - '0');
if (EfiTime->Hour > 23) {
return FALSE;
}
@@ -275,22 +276,27 @@ CheckTSTInfo ( goto _Exit;
}
- MdSize = EVP_MD_size (Md);
+ MdSize = EVP_MD_size (Md);
HashedMsg = AllocateZeroPool (MdSize);
if (HashedMsg == NULL) {
goto _Exit;
}
+
MdCtx = EVP_MD_CTX_new ();
if (MdCtx == NULL) {
goto _Exit;
}
+
if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||
(EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||
- (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {
+ (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1))
+ {
goto _Exit;
}
+
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&
- (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {
+ (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0))
+ {
goto _Exit;
}
@@ -376,7 +382,8 @@ TimestampTokenVerify ( // Check input parameters
//
if ((TSToken == NULL) || (TsaCert == NULL) || (TimestampedData == NULL) ||
- (TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX)) {
+ (TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX))
+ {
return FALSE;
}
@@ -386,6 +393,7 @@ TimestampTokenVerify ( if (SigningTime != NULL) {
SetMem (SigningTime, sizeof (EFI_TIME), 0);
}
+
Pkcs7 = NULL;
Cert = NULL;
CertStore = NULL;
@@ -397,7 +405,7 @@ TimestampTokenVerify ( // TimeStamp Token should contain one valid DER-encoded ASN.1 PKCS#7 structure.
//
TokenTemp = TSToken;
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &TokenTemp, (int) TokenSize);
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&TokenTemp, (int)TokenSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
@@ -413,7 +421,7 @@ TimestampTokenVerify ( // Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate.
//
CertTemp = TsaCert;
- Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
+ Cert = d2i_X509 (NULL, &CertTemp, (long)CertSize);
if (Cert == NULL) {
goto _Exit;
}
@@ -430,8 +438,10 @@ TimestampTokenVerify ( // Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
//
- X509_STORE_set_flags (CertStore,
- X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+ X509_STORE_set_flags (
+ CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
+ );
X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
@@ -442,6 +452,7 @@ TimestampTokenVerify ( if (OutBio == NULL) {
goto _Exit;
}
+
if (!PKCS7_verify (Pkcs7, NULL, CertStore, NULL, OutBio, PKCS7_BINARY)) {
goto _Exit;
}
@@ -453,14 +464,18 @@ TimestampTokenVerify ( if (TstData == NULL) {
goto _Exit;
}
- TstSize = BIO_read (OutBio, (void *) TstData, 2048);
+
+ TstSize = BIO_read (OutBio, (void *)TstData, 2048);
//
// Construct TS_TST_INFO structure from the signed contents.
//
TstTemp = TstData;
- TstInfo = d2i_TS_TST_INFO (NULL, (const unsigned char **) &TstTemp,
- (int)TstSize);
+ TstInfo = d2i_TS_TST_INFO (
+ NULL,
+ (const unsigned char **)&TstTemp,
+ (int)TstSize
+ );
if (TstInfo == NULL) {
goto _Exit;
}
@@ -527,19 +542,21 @@ ImageTimestampVerify ( OUT EFI_TIME *SigningTime
)
{
- BOOLEAN Status;
- PKCS7 *Pkcs7;
- CONST UINT8 *Temp;
- STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos;
- PKCS7_SIGNER_INFO *SignInfo;
- UINTN Index;
- STACK_OF(X509_ATTRIBUTE) *Sk;
- X509_ATTRIBUTE *Xa;
- ASN1_OBJECT *XaObj;
- ASN1_TYPE *Asn1Type;
- ASN1_OCTET_STRING *EncDigest;
- UINT8 *TSToken;
- UINTN TokenSize;
+ BOOLEAN Status;
+ PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
+
+ STACK_OF (PKCS7_SIGNER_INFO) *SignerInfos;
+ PKCS7_SIGNER_INFO *SignInfo;
+ UINTN Index;
+
+ STACK_OF (X509_ATTRIBUTE) *Sk;
+ X509_ATTRIBUTE *Xa;
+ ASN1_OBJECT *XaObj;
+ ASN1_TYPE *Asn1Type;
+ ASN1_OCTET_STRING *EncDigest;
+ UINT8 *TSToken;
+ UINTN TokenSize;
//
// Input Parameters Checking.
@@ -556,22 +573,23 @@ ImageTimestampVerify ( // Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) == 0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0) {
+ (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ {
return FALSE;
}
//
// Initialization.
//
- Status = FALSE;
- Pkcs7 = NULL;
- SignInfo = NULL;
+ Status = FALSE;
+ Pkcs7 = NULL;
+ SignInfo = NULL;
//
// Decode ASN.1-encoded Authenticode data into PKCS7 structure.
//
Temp = AuthData;
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize);
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)DataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
@@ -605,12 +623,13 @@ ImageTimestampVerify ( // of SignerInfo.
//
Sk = SignInfo->unauth_attr;
- if (Sk == NULL) { // No timestamp counterSignature.
+ if (Sk == NULL) {
+ // No timestamp counterSignature.
goto _Exit;
}
Asn1Type = NULL;
- for (Index = 0; Index < (UINTN) sk_X509_ATTRIBUTE_num (Sk); Index++) {
+ for (Index = 0; Index < (UINTN)sk_X509_ATTRIBUTE_num (Sk); Index++) {
//
// Search valid RFC3161 timestamp counterSignature based on OBJID.
//
@@ -618,21 +637,26 @@ ImageTimestampVerify ( if (Xa == NULL) {
continue;
}
- XaObj = X509_ATTRIBUTE_get0_object(Xa);
+
+ XaObj = X509_ATTRIBUTE_get0_object (Xa);
if (XaObj == NULL) {
continue;
}
- if ((OBJ_length(XaObj) != sizeof (mSpcRFC3161OidValue)) ||
- (CompareMem (OBJ_get0_data(XaObj), mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
+
+ if ((OBJ_length (XaObj) != sizeof (mSpcRFC3161OidValue)) ||
+ (CompareMem (OBJ_get0_data (XaObj), mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0))
+ {
continue;
}
- Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0);
+
+ Asn1Type = X509_ATTRIBUTE_get0_type (Xa, 0);
}
if (Asn1Type == NULL) {
Status = FALSE;
goto _Exit;
}
+
TSToken = Asn1Type->value.octet_string->data;
TokenSize = Asn1Type->value.octet_string->length;
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index ff96d30b57..e6bb45e641 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -38,7 +38,7 @@ X509ConstructCertificate ( //
// Check input parameters.
//
- if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) {
+ if ((Cert == NULL) || (SingleX509Cert == NULL) || (CertSize > INT_MAX)) {
return FALSE;
}
@@ -46,12 +46,12 @@ X509ConstructCertificate ( // Read DER-encoded X509 Certificate and Construct X509 object.
//
Temp = Cert;
- X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
+ X509Cert = d2i_X509 (NULL, &Temp, (long)CertSize);
if (X509Cert == NULL) {
return FALSE;
}
- *SingleX509Cert = (UINT8 *) X509Cert;
+ *SingleX509Cert = (UINT8 *)X509Cert;
return TRUE;
}
@@ -82,12 +82,13 @@ X509ConstructCertificateStackV ( IN VA_LIST Args
)
{
- UINT8 *Cert;
- UINTN CertSize;
- X509 *X509Cert;
- STACK_OF(X509) *CertStack;
- BOOLEAN Status;
- UINTN Index;
+ UINT8 *Cert;
+ UINTN CertSize;
+ X509 *X509Cert;
+
+ STACK_OF (X509) *CertStack;
+ BOOLEAN Status;
+ UINTN Index;
//
// Check input parameters.
@@ -101,7 +102,7 @@ X509ConstructCertificateStackV ( //
// Initialize X509 stack object.
//
- CertStack = (STACK_OF(X509) *) (*X509Stack);
+ CertStack = (STACK_OF (X509) *)(*X509Stack);
if (CertStack == NULL) {
CertStack = sk_X509_new_null ();
if (CertStack == NULL) {
@@ -127,15 +128,16 @@ X509ConstructCertificateStackV ( // Construct X509 Object from the given DER-encoded certificate data.
//
X509Cert = NULL;
- Status = X509ConstructCertificate (
- (CONST UINT8 *) Cert,
- CertSize,
- (UINT8 **) &X509Cert
- );
+ Status = X509ConstructCertificate (
+ (CONST UINT8 *)Cert,
+ CertSize,
+ (UINT8 **)&X509Cert
+ );
if (!Status) {
if (X509Cert != NULL) {
X509_free (X509Cert);
}
+
break;
}
@@ -148,7 +150,7 @@ X509ConstructCertificateStackV ( if (!Status) {
sk_X509_pop_free (CertStack, X509_free);
} else {
- *X509Stack = (UINT8 *) CertStack;
+ *X509Stack = (UINT8 *)CertStack;
}
return Status;
@@ -210,7 +212,7 @@ X509Free ( //
// Free OpenSSL X509 object.
//
- X509_free ((X509 *) X509Cert);
+ X509_free ((X509 *)X509Cert);
}
/**
@@ -237,7 +239,7 @@ X509StackFree ( //
// Free OpenSSL X509 stack object.
//
- sk_X509_pop_free ((STACK_OF(X509) *) X509Stack, X509_free);
+ sk_X509_pop_free ((STACK_OF (X509) *) X509Stack, X509_free);
}
/**
@@ -274,7 +276,7 @@ X509GetSubjectName ( //
// Check input parameters.
//
- if (Cert == NULL || SubjectSize == NULL) {
+ if ((Cert == NULL) || (SubjectSize == NULL)) {
return FALSE;
}
@@ -283,7 +285,7 @@ X509GetSubjectName ( //
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -299,14 +301,15 @@ X509GetSubjectName ( goto _Exit;
}
- X509NameSize = i2d_X509_NAME(X509Name, NULL);
+ X509NameSize = i2d_X509_NAME (X509Name, NULL);
if (*SubjectSize < X509NameSize) {
*SubjectSize = X509NameSize;
goto _Exit;
}
+
*SubjectSize = X509NameSize;
if (CertSubject != NULL) {
- i2d_X509_NAME(X509Name, &CertSubject);
+ i2d_X509_NAME (X509Name, &CertSubject);
Status = TRUE;
}
@@ -351,11 +354,11 @@ _Exit: STATIC
RETURN_STATUS
InternalX509GetNIDName (
- IN CONST UINT8 *Cert,
- IN UINTN CertSize,
- IN INT32 Request_NID,
- OUT CHAR8 *CommonName OPTIONAL,
- IN OUT UINTN *CommonNameSize
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ IN INT32 Request_NID,
+ OUT CHAR8 *CommonName OPTIONAL,
+ IN OUT UINTN *CommonNameSize
)
{
RETURN_STATUS ReturnStatus;
@@ -377,6 +380,7 @@ InternalX509GetNIDName ( if ((Cert == NULL) || (CertSize > INT_MAX) || (CommonNameSize == NULL)) {
return ReturnStatus;
}
+
if ((CommonName != NULL) && (*CommonNameSize == 0)) {
return ReturnStatus;
}
@@ -385,7 +389,7 @@ InternalX509GetNIDName ( //
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
//
// Invalid X.509 Certificate
@@ -443,12 +447,12 @@ InternalX509GetNIDName ( if (CommonName == NULL) {
*CommonNameSize = Length + 1;
- ReturnStatus = RETURN_BUFFER_TOO_SMALL;
+ ReturnStatus = RETURN_BUFFER_TOO_SMALL;
} else {
*CommonNameSize = MIN ((UINTN)Length, *CommonNameSize - 1) + 1;
CopyMem (CommonName, UTF8Name, *CommonNameSize - 1);
CommonName[*CommonNameSize - 1] = '\0';
- ReturnStatus = RETURN_SUCCESS;
+ ReturnStatus = RETURN_SUCCESS;
}
_Exit:
@@ -458,6 +462,7 @@ _Exit: if (X509Cert != NULL) {
X509_free (X509Cert);
}
+
if (UTF8Name != NULL) {
OPENSSL_free (UTF8Name);
}
@@ -532,10 +537,10 @@ X509GetCommonName ( RETURN_STATUS
EFIAPI
X509GetOrganizationName (
- IN CONST UINT8 *Cert,
- IN UINTN CertSize,
- OUT CHAR8 *NameBuffer OPTIONAL,
- IN OUT UINTN *NameBufferSize
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT CHAR8 *NameBuffer OPTIONAL,
+ IN OUT UINTN *NameBufferSize
)
{
return InternalX509GetNIDName (Cert, CertSize, NID_organizationName, NameBuffer, NameBufferSize);
@@ -572,7 +577,7 @@ RsaGetPublicKeyFromX509 ( //
// Check input parameters.
//
- if (Cert == NULL || RsaContext == NULL) {
+ if ((Cert == NULL) || (RsaContext == NULL)) {
return FALSE;
}
@@ -582,7 +587,7 @@ RsaGetPublicKeyFromX509 ( //
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -654,7 +659,7 @@ X509VerifyCert ( //
// Check input parameters.
//
- if (Cert == NULL || CACert == NULL) {
+ if ((Cert == NULL) || (CACert == NULL)) {
return FALSE;
}
@@ -670,9 +675,11 @@ X509VerifyCert ( if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
+
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
+
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
@@ -680,7 +687,7 @@ X509VerifyCert ( //
// Read DER-encoded certificate to be verified and Construct X509 object.
//
- Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
+ Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -689,7 +696,7 @@ X509VerifyCert ( //
// Read DER-encoded root certificate and Construct X509 object.
//
- Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);
+ Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **)&X509CACert);
if ((X509CACert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
@@ -704,6 +711,7 @@ X509VerifyCert ( if (CertStore == NULL) {
goto _Exit;
}
+
if (!(X509_STORE_add_cert (CertStore, X509CACert))) {
goto _Exit;
}
@@ -712,8 +720,10 @@ X509VerifyCert ( // Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
//
- X509_STORE_set_flags (CertStore,
- X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+ X509_STORE_set_flags (
+ CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
+ );
//
// Set up X509_STORE_CTX for the subsequent verification operation.
@@ -722,6 +732,7 @@ X509VerifyCert ( if (CertCtx == NULL) {
goto _Exit;
}
+
if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) {
goto _Exit;
}
@@ -729,7 +740,7 @@ X509VerifyCert ( //
// X509 Certificate Verification.
//
- Status = (BOOLEAN) X509_verify_cert (CertCtx);
+ Status = (BOOLEAN)X509_verify_cert (CertCtx);
X509_STORE_CTX_cleanup (CertCtx);
_Exit:
@@ -787,7 +798,8 @@ X509GetTBSCert ( // Check input parameters.
//
if ((Cert == NULL) || (TBSCert == NULL) ||
- (TBSCertSize == NULL) || (CertSize > INT_MAX)) {
+ (TBSCertSize == NULL) || (CertSize > INT_MAX))
+ {
return FALSE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c index 2835f20a1d..38819723c7 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c @@ -205,10 +205,10 @@ X509GetCommonName ( RETURN_STATUS
EFIAPI
X509GetOrganizationName (
- IN CONST UINT8 *Cert,
- IN UINTN CertSize,
- OUT CHAR8 *NameBuffer OPTIONAL,
- IN OUT UINTN *NameBufferSize
+ IN CONST UINT8 *Cert,
+ IN UINTN CertSize,
+ OUT CHAR8 *NameBuffer OPTIONAL,
+ IN OUT UINTN *NameBufferSize
)
{
ASSERT (FALSE);
|