1. Remove conducting ASSERT in BaseCryptLib.

Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13110 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5
2012-03-19 05:52:16 +00:00
parent bd0de3963b
commit 16d2c32c4d
21 changed files with 681 additions and 532 deletions


@@ -1,7 +1,7 @@
/** @file
Authenticode Portable Executable Signature Verification over OpenSSL.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -23,8 +23,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
Authenticode Portable Executable Signature Format".
If AuthData is NULL, then ASSERT().
If ImageHash is NULL, then ASSERT().
If AuthData is NULL, then return FALSE.
If ImageHash is NULL, then return FALSE.
@param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
PE/COFF image to be verified.
@@ -60,11 +60,15 @@ AuthenticodeVerify (
UINTN ContentSize;
//
// ASSERT if Authenticode Signature Data or PE Image Hash is NULL.
// Check input parameters.
//
ASSERT (AuthData != NULL);
ASSERT (ImageHash != NULL);
ASSERT (DataSize <= INT_MAX);
if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
return FALSE;
}
if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
return FALSE;
}
Status = FALSE;
Pkcs7 = NULL;
@@ -96,6 +100,7 @@ AuthenticodeVerify (
// Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
//
Asn1Byte = *(SpcIndirectDataContent + 1);
if ((Asn1Byte & 0x80) == 0) {
//
// Short Form of Length Encoding
@@ -105,9 +110,9 @@ AuthenticodeVerify (
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 2;
} else {
} else if ((Asn1Byte & 0x82) == 0x82) {
//
// Long Form of Length Encoding (Assume Only two bytes here)
// Long Form of Length Encoding, only support two bytes.
//
ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
@@ -115,6 +120,8 @@ AuthenticodeVerify (
// Skip the SEQUENCE Tag;
//
SpcIndirectDataContent += 4;
} else {
goto _Exit;
}
//


@@ -1,7 +1,7 @@
/** @file
Diffie-Hellman Wrapper Implementation over OpenSSL.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -38,7 +38,7 @@ DhNew (
/**
Release the specified DH context.
If DhContext is NULL, then ASSERT().
If DhContext is NULL, then return FALSE.
@param[in] DhContext Pointer to the DH context to be released.
@@ -64,8 +64,8 @@ DhFree (
Before this function can be invoked, pseudorandom number generator must be correctly
initialized by RandomSeed().
If DhContext is NULL, then ASSERT().
If Prime is NULL, then ASSERT().
If DhContext is NULL, then return FALSE.
If Prime is NULL, then return FALSE.
@param[in, out] DhContext Pointer to the DH context.
@param[in] Generator Value of generator.
@@ -88,6 +88,13 @@ DhGenerateParameter (
{
BOOLEAN RetVal;
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL) {
return FALSE;
}
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
return FALSE;
}
@@ -108,8 +115,8 @@ DhGenerateParameter (
Given generator g, and prime number p, this function and sets DH
context accordingly.
If DhContext is NULL, then ASSERT().
If Prime is NULL, then ASSERT().
If DhContext is NULL, then return FALSE.
If Prime is NULL, then return FALSE.
@param[in, out] DhContext Pointer to the DH context.
@param[in] Generator Value of generator.
@@ -134,6 +141,13 @@ DhSetParameter (
{
DH *Dh;
//
// Check input parameters.
//
if (DhContext == NULL || Prime == NULL) {
return FALSE;
}
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
return FALSE;
}
@@ -156,9 +170,9 @@ DhSetParameter (
If the PublicKey buffer is too small to hold the public key, FALSE is returned and
PublicKeySize is set to the required buffer size to obtain the public key.
If DhContext is NULL, then ASSERT().
If PublicKeySize is NULL, then ASSERT().
If PublicKeySize is large enough but PublicKey is NULL, then ASSERT().
If DhContext is NULL, then return FALSE.
If PublicKeySize is NULL, then return FALSE.
If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
@param[in, out] DhContext Pointer to the DH context.
@param[out] PublicKey Pointer to the buffer to receive generated public key.
@@ -181,6 +195,17 @@ DhGenerateKey (
BOOLEAN RetVal;
DH *Dh;
//
// Check input parameters.
//
if (DhContext == NULL || PublicKeySize == NULL) {
return FALSE;
}
if (PublicKey == NULL && *PublicKeySize != 0) {
return FALSE;
}
Dh = (DH *) DhContext;
*PublicKeySize = 0;
@@ -199,10 +224,10 @@ DhGenerateKey (
Given peer's public key, this function computes the exchanged common key, based on its own
context including value of prime modulus and random secret exponent.
If DhContext is NULL, then ASSERT().
If PeerPublicKey is NULL, then ASSERT().
If KeySize is NULL, then ASSERT().
If KeySize is large enough but Key is NULL, then ASSERT().
If DhContext is NULL, then return FALSE.
If PeerPublicKey is NULL, then return FALSE.
If KeySize is NULL, then return FALSE.
If KeySize is large enough but Key is NULL, then return FALSE.
@param[in, out] DhContext Pointer to the DH context.
@param[in] PeerPublicKey Pointer to the peer's public key.
@@ -228,6 +253,17 @@ DhComputeKey (
{
BIGNUM *Bn;
//
// Check input parameters.
//
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) {
return FALSE;
}
if (Key == NULL && *KeySize != 0) {
return FALSE;
}
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
*KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
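Review bot: DhComputeKey's new guard `if (Key == NULL && *KeySize != 0)` deliberately lets `Key == NULL` through when `*KeySize == 0`, but the very next lines call `DH_compute_key (Key, Bn, DhContext)` unconditionally, which writes the shared secret through `Key`; as far as I know OpenSSL does not accept a NULL output buffer there, so the size-query case the updated doc describes still dereferences NULL, and an undersized caller buffer is overrun because `*KeySize` is never compared with the DH modulus size. A check of the form `if (Key == NULL || *KeySize < (UINTN) DH_size ((DH *) DhContext)) {` / `*KeySize = (UINTN) DH_size ((DH *) DhContext); return FALSE;` / `}` before the `BN_bin2bn` call would close both. The `(BOOLEAN)` cast on `*KeySize = (BOOLEAN) DH_compute_key (...)` is pre-existing but worth fixing while here: it truncates the returned secret length to 8 bits and turns the -1 error return into a non-zero size, so the result should be checked for `< 0` and stored as `(UINTN)`. DhComputeKey continues past the end of the hunk.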


@@ -1,7 +1,7 @@
/** @file
PKCS#7 SignedData Verification Wrapper Implementation over OpenSSL.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -150,13 +150,10 @@ Pkcs7Sign (
//
// Check input parameters.
//
ASSERT (PrivateKey != NULL);
ASSERT (KeyPassword != NULL);
ASSERT (InData != NULL);
ASSERT (SignCert != NULL);
ASSERT (SignedData != NULL);
ASSERT (SignedDataSize != NULL);
ASSERT (InDataSize <= INT_MAX);
if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
return FALSE;
}
RsaContext = NULL;
Key = NULL;
@@ -285,7 +282,8 @@ _Exit:
Cryptographic Message Syntax Standard". The input signed data could be wrapped
in a ContentInfo structure.
If P7Data is NULL, then ASSERT().
If P7Data, TrustedCert or InData is NULL, then return FALSE.
If P7Length, CertLength or DataLength overflow, then return FAlSE.
@param[in] P7Data Pointer to the PKCS#7 message to verify.
@param[in] P7Length Length of the PKCS#7 message in bytes.
@@ -322,15 +320,13 @@ Pkcs7Verify (
BOOLEAN Wrapped;
//
// ASSERT if any input parameter is invalid.
// Check input parameters.
//
ASSERT (P7Data != NULL);
ASSERT (TrustedCert != NULL);
ASSERT (InData != NULL);
ASSERT (P7Length <= INT_MAX);
ASSERT (CertLength <= INT_MAX);
ASSERT (DataLength <= INT_MAX);
if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
return FALSE;
}
Status = FALSE;
Pkcs7 = NULL;
CertBio = NULL;
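Review bot: The new Pkcs7Verify doc line `If P7Length, CertLength or DataLength overflow, then return FAlSE.` has a typo in FALSE and "overflow" does not say what the code checks; the guard compares each length with INT_MAX, so I would write `If P7Length, CertLength or DataLength is greater than INT_MAX, then return FALSE.`. Pkcs7Sign gets the same `InDataSize > INT_MAX` rejection in its hunk, but its doc comment is outside the visible hunks, so I cannot tell whether it was updated to match. Both functions continue past the end of their hunks.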


@@ -1,7 +1,7 @@
/** @file
RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -60,7 +60,7 @@ RsaNew (
/**
Release the specified RSA context.
If RsaContext is NULL, then ASSERT().
If RsaContext is NULL, then return FALSE.
@param[in] RsaContext Pointer to the RSA context to be released.
@@ -71,8 +71,6 @@ RsaFree (
IN VOID *RsaContext
)
{
ASSERT (RsaContext != NULL);
//
// Free OpenSSL RSA Context
//
@@ -87,7 +85,7 @@ RsaFree (
represented in RSA PKCS#1).
If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
If RsaContext is NULL, then ASSERT().
If RsaContext is NULL, then return FALSE.
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] KeyTag Tag of RSA key component being set.
@@ -113,10 +111,11 @@ RsaSetKey (
RSA *RsaKey;
//
// ASSERT if RsaContext is NULL
// Check input parameters.
//
ASSERT (RsaContext != NULL);
if (RsaContext == NULL) {
return FALSE;
}
RsaKey = (RSA *)RsaContext;
//
@@ -256,9 +255,9 @@ RsaSetKey (
If the BigNumber buffer is too small to hold the contents of the key, FALSE
is returned and BnSize is set to the required buffer size to obtain the key.
If RsaContext is NULL, then ASSERT().
If BnSize is NULL, then ASSERT().
If BnSize is large enough but BigNumber is NULL, then ASSERT().
If RsaContext is NULL, then return FALSE.
If BnSize is NULL, then return FALSE.
If BnSize is large enough but BigNumber is NULL, then return FALSE.
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] KeyTag Tag of RSA key component being set.
@@ -284,8 +283,12 @@ RsaGetKey (
BIGNUM *BnKey;
UINTN Size;
ASSERT (RsaContext != NULL);
ASSERT (BnSize != NULL);
//
// Check input parameters.
//
if (RsaContext == NULL || BnSize == NULL) {
return FALSE;
}
RsaKey = (RSA *) RsaContext;
Size = *BnSize;
@@ -385,7 +388,9 @@ RsaGetKey (
return FALSE;
}
ASSERT (BigNumber != NULL);
if (BigNumber == NULL) {
return FALSE;
}
*BnSize = BN_bn2bin (BnKey, BigNumber) ;
return TRUE;
@@ -401,7 +406,7 @@ RsaGetKey (
Before this function can be invoked, pseudorandom number generator must be correctly
initialized by RandomSeed().
If RsaContext is NULL, then ASSERT().
If RsaContext is NULL, then return FALSE.
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] ModulusLength Length of RSA modulus N in bits.
@@ -424,8 +429,13 @@ RsaGenerateKey (
BIGNUM *KeyE;
BOOLEAN RetVal;
ASSERT (RsaContext != NULL);
//
// Check input parameters.
//
if (RsaContext == NULL) {
return FALSE;
}
KeyE = BN_new ();
if (PublicExponent == NULL) {
BN_set_word (KeyE, 0x10001);
@@ -451,7 +461,7 @@ RsaGenerateKey (
- Whether n = p * q
- Whether d*e = 1 mod lcm(p-1,q-1)
If RsaContext is NULL, then ASSERT().
If RsaContext is NULL, then return FALSE.
@param[in] RsaContext Pointer to RSA context to check.
@@ -467,8 +477,13 @@ RsaCheckKey (
{
UINTN Reason;
ASSERT (RsaContext != NULL);
//
// Check input parameters.
//
if (RsaContext == NULL) {
return FALSE;
}
if (RSA_check_key ((RSA *) RsaContext) != 1) {
Reason = ERR_GET_REASON (ERR_peek_last_error ());
if (Reason == RSA_R_P_NOT_PRIME ||
@@ -502,8 +517,12 @@ DigestInfoEncoding (
CONST UINT8 *HashDer;
UINTN DerSize;
ASSERT (Message != NULL);
ASSERT (DigestInfo != NULL);
//
// Check input parameters.
//
if (Message == NULL || DigestInfo == NULL) {
return FALSE;
}
//
// The original message length is used to determine the hash algorithm since
@@ -543,10 +562,10 @@ DigestInfoEncoding (
If the Signature buffer is too small to hold the contents of signature, FALSE
is returned and SigSize is set to the required buffer size to obtain the signature.
If RsaContext is NULL, then ASSERT().
If MessageHash is NULL, then ASSERT().
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().
If SigSize is large enough but Signature is NULL, then ASSERT().
If RsaContext is NULL, then return FALSE.
If MessageHash is NULL, then return FALSE.
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
@param[in] RsaContext Pointer to RSA context for signature generation.
@param[in] MessageHash Pointer to octet message hash to be signed.
@@ -574,11 +593,13 @@ RsaPkcs1Sign (
UINTN Size;
INTN ReturnVal;
ASSERT (RsaContext != NULL);
ASSERT (MessageHash != NULL);
ASSERT ((HashSize == MD5_DIGEST_SIZE) ||
(HashSize == SHA1_DIGEST_SIZE) ||
(HashSize == SHA256_DIGEST_SIZE));
//
// Check input parameters.
//
if (RsaContext == NULL || MessageHash == NULL ||
(HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE)) {
return FALSE;
}
Rsa = (RSA *) RsaContext;
Size = BN_num_bytes (Rsa->n);
@@ -588,7 +609,9 @@ RsaPkcs1Sign (
return FALSE;
}
ASSERT (Signature != NULL);
if (Signature == NULL) {
return FALSE;
}
Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
@@ -612,10 +635,10 @@ RsaPkcs1Sign (
Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
RSA PKCS#1.
If RsaContext is NULL, then ASSERT().
If MessageHash is NULL, then ASSERT().
If Signature is NULL, then ASSERT().
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then ASSERT().
If RsaContext is NULL, then return FALSE.
If MessageHash is NULL, then return FALSE.
If Signature is NULL, then return FALSE.
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] MessageHash Pointer to octet message hash to be checked.
@@ -640,19 +663,21 @@ RsaPkcs1Verify (
INTN Length;
//
// ASSERT if RsaContext, MessageHash or Signature is NULL
// Check input parameters.
//
ASSERT (RsaContext != NULL);
ASSERT (MessageHash != NULL);
ASSERT (Signature != NULL);
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
return FALSE;
}
//
// ASSERT if unsupported hash size:
// Check for unsupported hash size:
// Only MD5, SHA-1 or SHA-256 digest size is supported
//
ASSERT ((HashSize == MD5_DIGEST_SIZE) || (HashSize == SHA1_DIGEST_SIZE) ||
(HashSize == SHA256_DIGEST_SIZE));
if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
return FALSE;
}
//
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
//
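Review bot: RsaFree is declared `IN VOID *RsaContext` with no return value, yet its updated doc line reads `If RsaContext is NULL, then return FALSE.`, and the hunk only deletes the ASSERT without adding a guard, so a NULL context now falls straight into the OpenSSL free call. RSA_free tolerates NULL in OpenSSL as far as I know, so this is harmless in practice, but the contract should say what happens: either add `if (RsaContext == NULL) { return; }` as X509Free does elsewhere in this commit, or change the doc to `If RsaContext is NULL, then this function does nothing.`. The X509Free and X509StackFree comments in the X.509 wrapper have the same "return FALSE" wording for VOID functions and should be fixed the same way.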


@@ -1,7 +1,7 @@
/** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -19,8 +19,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Construct a X509 object from DER-encoded certificate data.
If Cert is NULL, then ASSERT().
If SingleX509Cert is NULL, then ASSERT().
If Cert is NULL, then return FALSE.
If SingleX509Cert is NULL, then return FALSE.
@param[in] Cert Pointer to the DER-encoded certificate data.
@param[in] CertSize The size of certificate data in bytes.
@@ -43,11 +43,11 @@ X509ConstructCertificate (
BOOLEAN Status;
//
// ASSERT if Cert is NULL or SingleX509Cert is NULL.
// Check input parameters.
//
ASSERT (Cert != NULL);
ASSERT (SingleX509Cert != NULL);
ASSERT (CertSize <= INT_MAX);
if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) {
return FALSE;
}
Status = FALSE;
@@ -79,7 +79,7 @@ _Exit:
/**
Construct a X509 stack object from a list of DER-encoded certificate data.
If X509Stack is NULL, then ASSERT().
If X509Stack is NULL, then return FALSE.
@param[in, out] X509Stack On input, pointer to an existing X509 stack object.
On output, pointer to the X509 stack object with new
@@ -108,9 +108,11 @@ X509ConstructCertificateStack (
UINTN Index;
//
// ASSERT if input X509Stack is NULL.
// Check input parameters.
//
ASSERT (X509Stack != NULL);
if (X509Stack == NULL) {
return FALSE;
}
Status = FALSE;
@@ -171,7 +173,7 @@ X509ConstructCertificateStack (
/**
Release the specified X509 object.
If X509Cert is NULL, then ASSERT().
If X509Cert is NULL, then return FALSE.
@param[in] X509Cert Pointer to the X509 object to be released.
@@ -181,9 +183,14 @@ EFIAPI
X509Free (
IN VOID *X509Cert
)
{
ASSERT (X509Cert != NULL);
{
//
// Check input parameters.
//
if (X509Cert == NULL) {
return;
}
//
// Free OpenSSL X509 object.
//
@@ -193,7 +200,7 @@ X509Free (
/**
Release the specified X509 stack object.
If X509Stack is NULL, then ASSERT().
If X509Stack is NULL, then return FALSE.
@param[in] X509Stack Pointer to the X509 stack object to be released.
@@ -204,8 +211,13 @@ X509StackFree (
IN VOID *X509Stack
)
{
ASSERT (X509Stack != NULL);
//
// Check input parameters.
//
if (X509Stack == NULL) {
return;
}
//
// Free OpenSSL X509 stack object.
//
@@ -221,8 +233,8 @@ X509StackFree (
@param[in, out] SubjectSize The size in bytes of the CertSubject buffer on input,
and the size of buffer returned CertSubject on output.
If Cert is NULL, then ASSERT().
If SubjectSize is NULL, then ASSERT().
If Cert is NULL, then return FALSE.
If SubjectSize is NULL, then return FALSE.
@retval TRUE The certificate subject retrieved successfully.
@retval FALSE Invalid certificate, or the SubjectSize is too small for the result.
@@ -243,10 +255,11 @@ X509GetSubjectName (
X509_NAME *X509Name;
//
// ASSERT if Cert is NULL or SubjectSize is NULL.
// Check input parameters.
//
ASSERT (Cert != NULL);
ASSERT (SubjectSize != NULL);
if (Cert == NULL || SubjectSize == NULL) {
return FALSE;
}
Status = FALSE;
X509Cert = NULL;
@@ -291,8 +304,8 @@ _Exit:
RSA public key component. Use RsaFree() function to free the
resource.
If Cert is NULL, then ASSERT().
If RsaContext is NULL, then ASSERT().
If Cert is NULL, then return FALSE.
If RsaContext is NULL, then return FALSE.
@retval TRUE RSA Public Key was retrieved successfully.
@retval FALSE Fail to retrieve RSA public key from X509 certificate.
@@ -309,12 +322,13 @@ RsaGetPublicKeyFromX509 (
BOOLEAN Status;
EVP_PKEY *Pkey;
X509 *X509Cert;
//
// ASSERT if Cert is NULL or RsaContext is NULL.
// Check input parameters.
//
ASSERT (Cert != NULL);
ASSERT (RsaContext != NULL);
if (Cert == NULL || RsaContext == NULL) {
return FALSE;
}
Status = FALSE;
Pkey = NULL;
@@ -361,8 +375,8 @@ _Exit:
@param[in] CACert Pointer to the DER-encoded trusted CA certificate.
@param[in] CACertSize Size of the CA Certificate in bytes.
If Cert is NULL, then ASSERT().
If CACert is NULL, then ASSERT().
If Cert is NULL, then return FALSE.
If CACert is NULL, then return FALSE.
@retval TRUE The certificate was issued by the trusted CA.
@retval FALSE Invalid certificate or the certificate was not issued by the given
@@ -383,12 +397,13 @@ X509VerifyCert (
X509 *X509CACert;
X509_STORE *CertStore;
X509_STORE_CTX CertCtx;
//
// ASSERT if Cert is NULL or CACert is NULL.
// Check input parameters.
//
ASSERT (Cert != NULL);
ASSERT (CACert != NULL);
if (Cert == NULL || CACert == NULL) {
return FALSE;
}
Status = FALSE;
X509Cert = NULL;
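Review bot: X509GetSubjectName's new guard only rejects a NULL `Cert` or `SubjectSize`, whereas the other size-query functions reworked in this commit (DhGenerateKey, RsaGetKey) also reject a NULL output buffer when the caller passes a non-zero size; the doc right above describes `SubjectSize` as the size of the `CertSubject` buffer, so the same rule applies here. Unless the body after the hunk already handles it, I would add `if (CertSubject == NULL && *SubjectSize != 0) { return FALSE; }` after the existing check, and note it in the doc as `If SubjectSize is large enough but CertSubject is NULL, then return FALSE.`. X509GetSubjectName continues past the end of its hunk, so this is inferred from the visible lines only.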