1. Remove conducting ASSERT in BaseCryptLib.
Signed-off-by: sfu5 Reviewed-by: qianouyang Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
Authenticode Portable Executable Signature Verification over OpenSSL.
|
||||
|
||||
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -23,8 +23,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
|
||||
Authenticode Portable Executable Signature Format".
|
||||
|
||||
If AuthData is NULL, then ASSERT().
|
||||
If ImageHash is NULL, then ASSERT().
|
||||
If AuthData is NULL, then return FALSE.
|
||||
If ImageHash is NULL, then return FALSE.
|
||||
|
||||
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
|
||||
PE/COFF image to be verified.
|
||||
@@ -60,11 +60,15 @@ AuthenticodeVerify (
|
||||
UINTN ContentSize;
|
||||
|
||||
//
|
||||
// ASSERT if Authenticode Signature Data or PE Image Hash is NULL.
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (AuthData != NULL);
|
||||
ASSERT (ImageHash != NULL);
|
||||
ASSERT (DataSize <= INT_MAX);
|
||||
if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
Pkcs7 = NULL;
|
||||
@@ -96,6 +100,7 @@ AuthenticodeVerify (
|
||||
// Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
|
||||
//
|
||||
Asn1Byte = *(SpcIndirectDataContent + 1);
|
||||
|
||||
if ((Asn1Byte & 0x80) == 0) {
|
||||
//
|
||||
// Short Form of Length Encoding
|
||||
@@ -105,9 +110,9 @@ AuthenticodeVerify (
|
||||
// Skip the SEQUENCE Tag;
|
||||
//
|
||||
SpcIndirectDataContent += 2;
|
||||
} else {
|
||||
} else if ((Asn1Byte & 0x82) == 0x82) {
|
||||
//
|
||||
// Long Form of Length Encoding (Assume Only two bytes here)
|
||||
// Long Form of Length Encoding, only support two bytes.
|
||||
//
|
||||
ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
|
||||
ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
|
||||
@@ -115,6 +120,8 @@ AuthenticodeVerify (
|
||||
// Skip the SEQUENCE Tag;
|
||||
//
|
||||
SpcIndirectDataContent += 4;
|
||||
} else {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
|
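Review bot: In AuthenticodeVerify's length parsing, the new branch test `(Asn1Byte & 0x82) == 0x82` is a bit mask, so it accepts every length byte with bits 0x80 and 0x02 set (0x83, 0x86, 0x87, up to 0xFF), not only the two-byte long form the comment names. A header announcing three or more length octets would then be read as two, leaving ContentSize out of step with the encoded SEQUENCE in a routine that parses data taken from the image being verified. An equality test, `} else if (Asn1Byte == 0x82) {`, sends every other encoding to the `goto _Exit` branch this commit adds. The function body starts and ends outside these hunks, so whether ContentSize is later bounded against the available content length cannot be seen here.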
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
Diffie-Hellman Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -38,7 +38,7 @@ DhNew (
|
||||
/**
|
||||
Release the specified DH context.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If DhContext is NULL, then return FALSE.
|
||||
|
||||
@param[in] DhContext Pointer to the DH context to be released.
|
||||
|
||||
@@ -64,8 +64,8 @@ DhFree (
|
||||
Before this function can be invoked, pseudorandom number generator must be correctly
|
||||
initialized by RandomSeed().
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If Prime is NULL, then ASSERT().
|
||||
If DhContext is NULL, then return FALSE.
|
||||
If Prime is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@@ -88,6 +88,13 @@ DhGenerateParameter (
|
||||
{
|
||||
BOOLEAN RetVal;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || Prime == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
|
||||
return FALSE;
|
||||
}
|
||||
@@ -108,8 +115,8 @@ DhGenerateParameter (
|
||||
Given generator g, and prime number p, this function and sets DH
|
||||
context accordingly.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If Prime is NULL, then ASSERT().
|
||||
If DhContext is NULL, then return FALSE.
|
||||
If Prime is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] Generator Value of generator.
|
||||
@@ -134,6 +141,13 @@ DhSetParameter (
|
||||
{
|
||||
DH *Dh;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || Prime == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
|
||||
return FALSE;
|
||||
}
|
||||
@@ -156,9 +170,9 @@ DhSetParameter (
|
||||
If the PublicKey buffer is too small to hold the public key, FALSE is returned and
|
||||
PublicKeySize is set to the required buffer size to obtain the public key.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If PublicKeySize is NULL, then ASSERT().
|
||||
If PublicKeySize is large enough but PublicKey is NULL, then ASSERT().
|
||||
If DhContext is NULL, then return FALSE.
|
||||
If PublicKeySize is NULL, then return FALSE.
|
||||
If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[out] PublicKey Pointer to the buffer to receive generated public key.
|
||||
@@ -181,6 +195,17 @@ DhGenerateKey (
|
||||
BOOLEAN RetVal;
|
||||
DH *Dh;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || PublicKeySize == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (PublicKey == NULL && *PublicKeySize != 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Dh = (DH *) DhContext;
|
||||
*PublicKeySize = 0;
|
||||
|
||||
@@ -199,10 +224,10 @@ DhGenerateKey (
|
||||
Given peer's public key, this function computes the exchanged common key, based on its own
|
||||
context including value of prime modulus and random secret exponent.
|
||||
|
||||
If DhContext is NULL, then ASSERT().
|
||||
If PeerPublicKey is NULL, then ASSERT().
|
||||
If KeySize is NULL, then ASSERT().
|
||||
If KeySize is large enough but Key is NULL, then ASSERT().
|
||||
If DhContext is NULL, then return FALSE.
|
||||
If PeerPublicKey is NULL, then return FALSE.
|
||||
If KeySize is NULL, then return FALSE.
|
||||
If KeySize is large enough but Key is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] DhContext Pointer to the DH context.
|
||||
@param[in] PeerPublicKey Pointer to the peer's public key.
|
||||
@@ -228,6 +253,17 @@ DhComputeKey (
|
||||
{
|
||||
BIGNUM *Bn;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Key == NULL && *KeySize != 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
|
||||
|
||||
*KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
|
||||
|
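Review bot: In DhComputeKey the added guard `if (Key == NULL && *KeySize != 0)` still lets a NULL Key through when the caller passes `*KeySize == 0`, and the visible lines then hand Key straight to `DH_compute_key (Key, Bn, DhContext)` without comparing `*KeySize` with the length of the shared secret. The header comment's "KeySize is large enough" wording implies a size comparison, so the guard would be better written against the required size, for example `if (Key == NULL || *KeySize < (UINTN) DH_size ((DH *) DhContext)) { return FALSE; }`. The same hunk casts PeerPublicKeySize to UINT32 for BN_bin2bn with no `PeerPublicKeySize > INT_MAX` test, unlike the size checks this commit adds in the other files, and the BN_bin2bn result is used without a NULL check. The function continues past the end of the hunk.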
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -150,13 +150,10 @@ Pkcs7Sign (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (PrivateKey != NULL);
|
||||
ASSERT (KeyPassword != NULL);
|
||||
ASSERT (InData != NULL);
|
||||
ASSERT (SignCert != NULL);
|
||||
ASSERT (SignedData != NULL);
|
||||
ASSERT (SignedDataSize != NULL);
|
||||
ASSERT (InDataSize <= INT_MAX);
|
||||
if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
|
||||
SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RsaContext = NULL;
|
||||
Key = NULL;
|
||||
@@ -285,7 +282,8 @@ _Exit:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
in a ContentInfo structure.
|
||||
|
||||
If P7Data is NULL, then ASSERT().
|
||||
If P7Data, TrustedCert or InData is NULL, then return FALSE.
|
||||
If P7Length, CertLength or DataLength overflow, then return FAlSE.
|
||||
|
||||
@param[in] P7Data Pointer to the PKCS#7 message to verify.
|
||||
@param[in] P7Length Length of the PKCS#7 message in bytes.
|
||||
@@ -322,15 +320,13 @@ Pkcs7Verify (
|
||||
BOOLEAN Wrapped;
|
||||
|
||||
//
|
||||
// ASSERT if any input parameter is invalid.
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (P7Data != NULL);
|
||||
ASSERT (TrustedCert != NULL);
|
||||
ASSERT (InData != NULL);
|
||||
ASSERT (P7Length <= INT_MAX);
|
||||
ASSERT (CertLength <= INT_MAX);
|
||||
ASSERT (DataLength <= INT_MAX);
|
||||
|
||||
if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
|
||||
P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
Pkcs7 = NULL;
|
||||
CertBio = NULL;
|
||||
|
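Review bot: The rewritten Pkcs7Verify header comment reads `If P7Length, CertLength or DataLength overflow, then return FAlSE.`, which misspells FALSE and says "overflow" where the code below tests each length against INT_MAX. A reader of the API documentation cannot tell from that sentence which values are rejected; I would write `If P7Length, CertLength or DataLength is larger than INT_MAX, then return FALSE.` The Pkcs7Sign hunk replaces its ASSERTs with the same kind of check, but its header comment lies outside the visible hunks, so confirm it no longer documents ASSERT() for those parameters.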
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -60,7 +60,7 @@ RsaNew (
|
||||
/**
|
||||
Release the specified RSA context.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to the RSA context to be released.
|
||||
|
||||
@@ -71,8 +71,6 @@ RsaFree (
|
||||
IN VOID *RsaContext
|
||||
)
|
||||
{
|
||||
ASSERT (RsaContext != NULL);
|
||||
|
||||
//
|
||||
// Free OpenSSL RSA Context
|
||||
//
|
||||
@@ -87,7 +85,7 @@ RsaFree (
|
||||
represented in RSA PKCS#1).
|
||||
If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@@ -113,10 +111,11 @@ RsaSetKey (
|
||||
RSA *RsaKey;
|
||||
|
||||
//
|
||||
// ASSERT if RsaContext is NULL
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (RsaContext != NULL);
|
||||
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RsaKey = (RSA *)RsaContext;
|
||||
//
|
||||
@@ -256,9 +255,9 @@ RsaSetKey (
|
||||
If the BigNumber buffer is too small to hold the contents of the key, FALSE
|
||||
is returned and BnSize is set to the required buffer size to obtain the key.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If BnSize is NULL, then ASSERT().
|
||||
If BnSize is large enough but BigNumber is NULL, then ASSERT().
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If BnSize is NULL, then return FALSE.
|
||||
If BnSize is large enough but BigNumber is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] KeyTag Tag of RSA key component being set.
|
||||
@@ -284,8 +283,12 @@ RsaGetKey (
|
||||
BIGNUM *BnKey;
|
||||
UINTN Size;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
ASSERT (BnSize != NULL);
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || BnSize == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RsaKey = (RSA *) RsaContext;
|
||||
Size = *BnSize;
|
||||
@@ -385,7 +388,9 @@ RsaGetKey (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ASSERT (BigNumber != NULL);
|
||||
if (BigNumber == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
*BnSize = BN_bn2bin (BnKey, BigNumber) ;
|
||||
|
||||
return TRUE;
|
||||
@@ -401,7 +406,7 @@ RsaGetKey (
|
||||
Before this function can be invoked, pseudorandom number generator must be correctly
|
||||
initialized by RandomSeed().
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] RsaContext Pointer to RSA context being set.
|
||||
@param[in] ModulusLength Length of RSA modulus N in bits.
|
||||
@@ -424,8 +429,13 @@ RsaGenerateKey (
|
||||
BIGNUM *KeyE;
|
||||
BOOLEAN RetVal;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
KeyE = BN_new ();
|
||||
if (PublicExponent == NULL) {
|
||||
BN_set_word (KeyE, 0x10001);
|
||||
@@ -451,7 +461,7 @@ RsaGenerateKey (
|
||||
- Whether n = p * q
|
||||
- Whether d*e = 1 mod lcm(p-1,q-1)
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context to check.
|
||||
|
||||
@@ -467,8 +477,13 @@ RsaCheckKey (
|
||||
{
|
||||
UINTN Reason;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (RSA_check_key ((RSA *) RsaContext) != 1) {
|
||||
Reason = ERR_GET_REASON (ERR_peek_last_error ());
|
||||
if (Reason == RSA_R_P_NOT_PRIME ||
|
||||
@@ -502,8 +517,12 @@ DigestInfoEncoding (
|
||||
CONST UINT8 *HashDer;
|
||||
UINTN DerSize;
|
||||
|
||||
ASSERT (Message != NULL);
|
||||
ASSERT (DigestInfo != NULL);
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Message == NULL || DigestInfo == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// The original message length is used to determine the hash algorithm since
|
||||
@@ -543,10 +562,10 @@ DigestInfoEncoding (
|
||||
If the Signature buffer is too small to hold the contents of signature, FALSE
|
||||
is returned and SigSize is set to the required buffer size to obtain the signature.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If MessageHash is NULL, then ASSERT().
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().
|
||||
If SigSize is large enough but Signature is NULL, then ASSERT().
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If MessageHash is NULL, then return FALSE.
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
If SigSize is large enough but Signature is NULL, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature generation.
|
||||
@param[in] MessageHash Pointer to octet message hash to be signed.
|
||||
@@ -574,11 +593,13 @@ RsaPkcs1Sign (
|
||||
UINTN Size;
|
||||
INTN ReturnVal;
|
||||
|
||||
ASSERT (RsaContext != NULL);
|
||||
ASSERT (MessageHash != NULL);
|
||||
ASSERT ((HashSize == MD5_DIGEST_SIZE) ||
|
||||
(HashSize == SHA1_DIGEST_SIZE) ||
|
||||
(HashSize == SHA256_DIGEST_SIZE));
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || MessageHash == NULL ||
|
||||
(HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Rsa = (RSA *) RsaContext;
|
||||
Size = BN_num_bytes (Rsa->n);
|
||||
@@ -588,7 +609,9 @@ RsaPkcs1Sign (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ASSERT (Signature != NULL);
|
||||
if (Signature == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
|
||||
|
||||
@@ -612,10 +635,10 @@ RsaPkcs1Sign (
|
||||
Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
|
||||
RSA PKCS#1.
|
||||
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If MessageHash is NULL, then ASSERT().
|
||||
If Signature is NULL, then ASSERT().
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
If MessageHash is NULL, then return FALSE.
|
||||
If Signature is NULL, then return FALSE.
|
||||
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
||||
|
||||
@param[in] RsaContext Pointer to RSA context for signature verification.
|
||||
@param[in] MessageHash Pointer to octet message hash to be checked.
|
||||
@@ -640,19 +663,21 @@ RsaPkcs1Verify (
|
||||
INTN Length;
|
||||
|
||||
//
|
||||
// ASSERT if RsaContext, MessageHash or Signature is NULL
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (RsaContext != NULL);
|
||||
ASSERT (MessageHash != NULL);
|
||||
ASSERT (Signature != NULL);
|
||||
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// ASSERT if unsupported hash size:
|
||||
// Check for unsupported hash size:
|
||||
// Only MD5, SHA-1 or SHA-256 digest size is supported
|
||||
//
|
||||
ASSERT ((HashSize == MD5_DIGEST_SIZE) || (HashSize == SHA1_DIGEST_SIZE) ||
|
||||
(HashSize == SHA256_DIGEST_SIZE));
|
||||
|
||||
if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
|
||||
//
|
||||
|
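Review bot: The check added to DigestInfoEncoding returns `FALSE`, but the RsaPkcs1Sign hunk assigns this helper's result to a UINTN (`Size = DigestInfoEncoding (MessageHash, HashSize, Signature);`), so the value is an encoded length rather than a BOOLEAN. `return 0;` states the intent and keeps the return consistent with how the caller uses it. Whether RsaPkcs1Sign treats a zero Size as a failure before passing it on is not visible in these hunks and is worth confirming. The helper's signature and the lines after the call both lie outside the hunks.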
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
X.509 Certificate Handler Wrapper Implementation over OpenSSL.
|
||||
|
||||
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -19,8 +19,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
/**
|
||||
Construct a X509 object from DER-encoded certificate data.
|
||||
|
||||
If Cert is NULL, then ASSERT().
|
||||
If SingleX509Cert is NULL, then ASSERT().
|
||||
If Cert is NULL, then return FALSE.
|
||||
If SingleX509Cert is NULL, then return FALSE.
|
||||
|
||||
@param[in] Cert Pointer to the DER-encoded certificate data.
|
||||
@param[in] CertSize The size of certificate data in bytes.
|
||||
@@ -43,11 +43,11 @@ X509ConstructCertificate (
|
||||
BOOLEAN Status;
|
||||
|
||||
//
|
||||
// ASSERT if Cert is NULL or SingleX509Cert is NULL.
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (Cert != NULL);
|
||||
ASSERT (SingleX509Cert != NULL);
|
||||
ASSERT (CertSize <= INT_MAX);
|
||||
if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
|
||||
@@ -79,7 +79,7 @@ _Exit:
|
||||
/**
|
||||
Construct a X509 stack object from a list of DER-encoded certificate data.
|
||||
|
||||
If X509Stack is NULL, then ASSERT().
|
||||
If X509Stack is NULL, then return FALSE.
|
||||
|
||||
@param[in, out] X509Stack On input, pointer to an existing X509 stack object.
|
||||
On output, pointer to the X509 stack object with new
|
||||
@@ -108,9 +108,11 @@ X509ConstructCertificateStack (
|
||||
UINTN Index;
|
||||
|
||||
//
|
||||
// ASSERT if input X509Stack is NULL.
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (X509Stack != NULL);
|
||||
if (X509Stack == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
|
||||
@@ -171,7 +173,7 @@ X509ConstructCertificateStack (
|
||||
/**
|
||||
Release the specified X509 object.
|
||||
|
||||
If X509Cert is NULL, then ASSERT().
|
||||
If X509Cert is NULL, then return FALSE.
|
||||
|
||||
@param[in] X509Cert Pointer to the X509 object to be released.
|
||||
|
||||
@@ -181,9 +183,14 @@ EFIAPI
|
||||
X509Free (
|
||||
IN VOID *X509Cert
|
||||
)
|
||||
{
|
||||
ASSERT (X509Cert != NULL);
|
||||
|
||||
{
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (X509Cert == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// Free OpenSSL X509 object.
|
||||
//
|
||||
@@ -193,7 +200,7 @@ X509Free (
|
||||
/**
|
||||
Release the specified X509 stack object.
|
||||
|
||||
If X509Stack is NULL, then ASSERT().
|
||||
If X509Stack is NULL, then return FALSE.
|
||||
|
||||
@param[in] X509Stack Pointer to the X509 stack object to be released.
|
||||
|
||||
@@ -204,8 +211,13 @@ X509StackFree (
|
||||
IN VOID *X509Stack
|
||||
)
|
||||
{
|
||||
ASSERT (X509Stack != NULL);
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (X509Stack == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
// Free OpenSSL X509 stack object.
|
||||
//
|
||||
@@ -221,8 +233,8 @@ X509StackFree (
|
||||
@param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
|
||||
and the size of buffer returned CertSubject on output.
|
||||
|
||||
If Cert is NULL, then ASSERT().
|
||||
If SubjectSize is NULL, then ASSERT().
|
||||
If Cert is NULL, then return FALSE.
|
||||
If SubjectSize is NULL, then return FALSE.
|
||||
|
||||
@retval TRUE The certificate subject retrieved successfully.
|
||||
@retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
|
||||
@@ -243,10 +255,11 @@ X509GetSubjectName (
|
||||
X509_NAME *X509Name;
|
||||
|
||||
//
|
||||
// ASSERT if Cert is NULL or SubjectSize is NULL.
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (Cert != NULL);
|
||||
ASSERT (SubjectSize != NULL);
|
||||
if (Cert == NULL || SubjectSize == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
X509Cert = NULL;
|
||||
@@ -291,8 +304,8 @@ _Exit:
|
||||
RSA public key component. Use RsaFree() function to free the
|
||||
resource.
|
||||
|
||||
If Cert is NULL, then ASSERT().
|
||||
If RsaContext is NULL, then ASSERT().
|
||||
If Cert is NULL, then return FALSE.
|
||||
If RsaContext is NULL, then return FALSE.
|
||||
|
||||
@retval TRUE RSA Public Key was retrieved successfully.
|
||||
@retval FALSE Fail to retrieve RSA public key from X509 certificate.
|
||||
@@ -309,12 +322,13 @@ RsaGetPublicKeyFromX509 (
|
||||
BOOLEAN Status;
|
||||
EVP_PKEY *Pkey;
|
||||
X509 *X509Cert;
|
||||
|
||||
|
||||
//
|
||||
// ASSERT if Cert is NULL or RsaContext is NULL.
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (Cert != NULL);
|
||||
ASSERT (RsaContext != NULL);
|
||||
if (Cert == NULL || RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
Pkey = NULL;
|
||||
@@ -361,8 +375,8 @@ _Exit:
|
||||
@param[in] CACert Pointer to the DER-encoded trusted CA certificate.
|
||||
@param[in] CACertSize Size of the CA Certificate in bytes.
|
||||
|
||||
If Cert is NULL, then ASSERT().
|
||||
If CACert is NULL, then ASSERT().
|
||||
If Cert is NULL, then return FALSE.
|
||||
If CACert is NULL, then return FALSE.
|
||||
|
||||
@retval TRUE The certificate was issued by the trusted CA.
|
||||
@retval FALSE Invalid certificate or the certificate was not issued by the given
|
||||
@@ -383,12 +397,13 @@ X509VerifyCert (
|
||||
X509 *X509CACert;
|
||||
X509_STORE *CertStore;
|
||||
X509_STORE_CTX CertCtx;
|
||||
|
||||
|
||||
//
|
||||
// ASSERT if Cert is NULL or CACert is NULL.
|
||||
// Check input parameters.
|
||||
//
|
||||
ASSERT (Cert != NULL);
|
||||
ASSERT (CACert != NULL);
|
||||
if (Cert == NULL || CACert == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Status = FALSE;
|
||||
X509Cert = NULL;
|
||||
|
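Review bot: The updated header comments for X509Free and X509StackFree say `If X509Cert is NULL, then return FALSE.` and `If X509Stack is NULL, then return FALSE.`, but the checks added in both bodies use a bare `return;`, so these functions produce no value. The comments should read `If X509Cert is NULL, then return.` and `If X509Stack is NULL, then return.` so that callers are not led to test a result that does not exist. The same "return FALSE" wording was applied to the RsaFree and DhFree header comments in this commit. Their return types are not visible in the hunks and should be checked the same way.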