CryptoPkg: Add new API to retrieve commonName of X.509 certificate

v3: Add extra CommonNameSize check since OpenSSL didn't check this input parameter. (One openssl issue was filed to address this risk: https://github.com/openssl/openssl/issues/4392) v2: Update function interface to return RETURN_STATUS to represent different error cases. Add one new API (X509GetCommonName()) to retrieve the subject commonName string from one X.509 certificate. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ting Ye <ting.ye@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com>
2017-09-24 23:42:16 +08:00
parent fc8be1ad9a
commit 5b7c224505
5 changed files with 234 additions and 8 deletions
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c
@ -127,6 +127,38 @@ X509GetSubjectName (
  return FALSE;
 }

+/**
+  Retrieve the common name (CN) string from one X.509 certificate.
+
+  Return RETURN_UNSUPPORTED to indicate this interface is not supported.
+
+  @param[in]      Cert             Pointer to the DER-encoded X509 certificate.
+  @param[in]      CertSize         Size of the X509 certificate in bytes.
+  @param[out]     CommonName       Buffer to contain the retrieved certificate common
+                                   name string. At most CommonNameSize bytes will be
+                                   written and the string will be null terminated. May be
+                                   NULL in order to determine the size buffer needed.
+  @param[in,out]  CommonNameSize   The size in bytes of the CommonName buffer on input,
+                                   and the size of buffer returned CommonName on output.
+                                   If CommonName is NULL then the amount of space needed
+                                   in buffer (including the final null) is returned.
+
+  @retval RETURN_UNSUPPORTED       The operation is not supported.
+
+**/
+RETURN_STATUS
+EFIAPI
+X509GetCommonName (
+  IN      CONST UINT8  *Cert,
+  IN      UINTN        CertSize,
+  OUT     CHAR8        *CommonName,  OPTIONAL
+  IN OUT  UINTN        *CommonNameSize
+  )
+{
+  ASSERT (FALSE);
+  return RETURN_UNSUPPORTED;
+}
+
 /**
  Retrieve the RSA Public Key from one DER-encoded X509 certificate.

@ -203,4 +235,4 @@ X509GetTBSCert (
 {
  ASSERT (FALSE);
  return FALSE;
-}
+}