1. Enable the whole X509v3 extension checking.
2. Replace d2i_X509_bio with d2i_X509. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ling Qin <qin.long@intel.com> Reviewed-by: Ouyang Qian <qian.ouyang@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14026 6f19259b-4bc3-4df7-8a09-765794883524
@@ -25,6 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
|
||||
@@ -543,7 +544,6 @@ Pkcs7Verify (
|
||||
)
|
||||
{
|
||||
PKCS7 *Pkcs7;
|
||||
BIO *CertBio;
|
||||
BIO *DataBio;
|
||||
BOOLEAN Status;
|
||||
X509 *Cert;
|
||||
@@ -562,7 +562,6 @@ Pkcs7Verify (
|
||||
}
|
||||
|
||||
Pkcs7 = NULL;
|
||||
CertBio = NULL;
|
||||
DataBio = NULL;
|
||||
Cert = NULL;
|
||||
CertStore = NULL;
|
||||
@@ -614,12 +613,7 @@ Pkcs7Verify (
|
||||
//
|
||||
// Read DER-encoded root certificate and Construct X509 Certificate
|
||||
//
|
||||
CertBio = BIO_new (BIO_s_mem ());
|
||||
BIO_write (CertBio, TrustedCert, (int)CertLength);
|
||||
if (CertBio == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
Cert = d2i_X509_bio (CertBio, NULL);
|
||||
Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength);
|
||||
if (Cert == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -648,6 +642,13 @@ Pkcs7Verify (
|
||||
DataBio = BIO_new (BIO_s_mem ());
|
||||
BIO_write (DataBio, InData, (int)DataLength);
|
||||
|
||||
//
|
||||
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
|
||||
// doesn't support the extended key usage for Authenticode Code Signing.
|
||||
// Bypass the certificate purpose checking by enabling any purposes setting.
|
||||
//
|
||||
X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
|
||||
|
||||
//
|
||||
// Verifies the PKCS#7 signedData structure
|
||||
//
|
||||
@@ -658,7 +659,6 @@ _Exit:
|
||||
// Release Resources
|
||||
//
|
||||
BIO_free (DataBio);
|
||||
BIO_free (CertBio);
|
||||
X509_free (Cert);
|
||||
X509_STORE_free (CertStore);
|
||||
PKCS7_free (Pkcs7);
|
||||
|
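Review bot: The new `Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength);` in the `@@ -614,12 +613,7 @@` hunk accepts a buffer that carries trailing bytes after the DER certificate and advances `TrustedCert` past whatever it parsed, so nothing confirms that `CertLength` described exactly one certificate. A stricter form keeps the original pointer and checks consumption: `CONST UINT8 *Ptr = TrustedCert;`, `Cert = d2i_X509 (NULL, &Ptr, (long) CertLength);`, `if (Cert == NULL || Ptr != TrustedCert + CertLength) { goto _Exit; }`. In the `@@ -648,6 +642,13 @@` hunk `X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY)` returns 0 on failure and its result is discarded; treating a failed call as a verification failure (`goto _Exit`) keeps the store's purpose state explicit instead of silently leaving the default purpose checks in place. The `DataBio` allocated just above it is still written by `BIO_write` before any NULL check visible in the hunk, the same pattern this commit removed for `CertBio`; if the check sits further down outside the hunk this is fine, otherwise moving the `BIO_write` after it would match. Pkcs7Verify's body continues outside these hunks.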