CryptoPkg: Apply uncrustify changes
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the CryptoPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
committed by
mergify[bot]
parent
2b16a4fb91
commit
7c34237831
@@ -25,7 +25,7 @@ AesGetContextSize (
|
||||
// AES uses different key contexts for encryption and decryption, so here memory
|
||||
// for 2 copies of AES_KEY is allocated.
|
||||
//
|
||||
return (UINTN) (2 * sizeof (AES_KEY));
|
||||
return (UINTN)(2 * sizeof (AES_KEY));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -61,20 +61,22 @@ AesInit (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (AesContext == NULL || Key == NULL || (KeyLength != 128 && KeyLength != 192 && KeyLength != 256)) {
|
||||
if ((AesContext == NULL) || (Key == NULL) || ((KeyLength != 128) && (KeyLength != 192) && (KeyLength != 256))) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Initialize AES encryption & decryption key schedule.
|
||||
//
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
if (AES_set_encrypt_key (Key, (UINT32) KeyLength, AesKey) != 0) {
|
||||
AesKey = (AES_KEY *)AesContext;
|
||||
if (AES_set_encrypt_key (Key, (UINT32)KeyLength, AesKey) != 0) {
|
||||
return FALSE;
|
||||
}
|
||||
if (AES_set_decrypt_key (Key, (UINT32) KeyLength, AesKey + 1) != 0) {
|
||||
|
||||
if (AES_set_decrypt_key (Key, (UINT32)KeyLength, AesKey + 1) != 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -121,21 +123,21 @@ AesCbcEncrypt (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
|
||||
if ((AesContext == NULL) || (Input == NULL) || ((InputSize % AES_BLOCK_SIZE) != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
|
||||
if ((Ivec == NULL) || (Output == NULL) || (InputSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
AesKey = (AES_KEY *)AesContext;
|
||||
CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
|
||||
|
||||
//
|
||||
// Perform AES data encryption with CBC mode
|
||||
//
|
||||
AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey, IvecBuffer, AES_ENCRYPT);
|
||||
AES_cbc_encrypt (Input, Output, (UINT32)InputSize, AesKey, IvecBuffer, AES_ENCRYPT);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
@@ -183,21 +185,21 @@ AesCbcDecrypt (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (AesContext == NULL || Input == NULL || (InputSize % AES_BLOCK_SIZE) != 0) {
|
||||
if ((AesContext == NULL) || (Input == NULL) || ((InputSize % AES_BLOCK_SIZE) != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Ivec == NULL || Output == NULL || InputSize > INT_MAX) {
|
||||
if ((Ivec == NULL) || (Output == NULL) || (InputSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
AesKey = (AES_KEY *) AesContext;
|
||||
AesKey = (AES_KEY *)AesContext;
|
||||
CopyMem (IvecBuffer, Ivec, AES_BLOCK_SIZE);
|
||||
|
||||
//
|
||||
// Perform AES data decryption with CBC mode
|
||||
//
|
||||
AES_cbc_encrypt (Input, Output, (UINT32) InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);
|
||||
AES_cbc_encrypt (Input, Output, (UINT32)InputSize, AesKey + 1, IvecBuffer, AES_DECRYPT);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#ifdef ENABLE_MD5_DEPRECATED_INTERFACES
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for MD5 hash operations.
|
||||
|
||||
@@ -25,10 +26,9 @@ Md5GetContextSize (
|
||||
//
|
||||
// Retrieves the OpenSSL MD5 Context Size
|
||||
//
|
||||
return (UINTN) (sizeof (MD5_CTX));
|
||||
return (UINTN)(sizeof (MD5_CTX));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by Md5Context as MD5 hash context for
|
||||
subsequent use.
|
||||
@@ -57,7 +57,7 @@ Md5Init (
|
||||
//
|
||||
// OpenSSL MD5 Context Initialization
|
||||
//
|
||||
return (BOOLEAN) (MD5_Init ((MD5_CTX *) Md5Context));
|
||||
return (BOOLEAN)(MD5_Init ((MD5_CTX *)Md5Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -83,7 +83,7 @@ Md5Duplicate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Md5Context == NULL || NewMd5Context == NULL) {
|
||||
if ((Md5Context == NULL) || (NewMd5Context == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -128,14 +128,14 @@ Md5Update (
|
||||
//
|
||||
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL && (DataSize != 0)) {
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL MD5 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (MD5_Update ((MD5_CTX *) Md5Context, Data, DataSize));
|
||||
return (BOOLEAN)(MD5_Update ((MD5_CTX *)Md5Context, Data, DataSize));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -168,14 +168,14 @@ Md5Final (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Md5Context == NULL || HashValue == NULL) {
|
||||
if ((Md5Context == NULL) || (HashValue == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL MD5 Hash Finalization
|
||||
//
|
||||
return (BOOLEAN) (MD5_Final (HashValue, (MD5_CTX *) Md5Context));
|
||||
return (BOOLEAN)(MD5_Final (HashValue, (MD5_CTX *)Md5Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -210,7 +210,8 @@ Md5HashAll (
|
||||
if (HashValue == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Data == NULL && (DataSize != 0)) {
|
||||
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -223,4 +224,5 @@ Md5HashAll (
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <openssl/sha.h>
|
||||
|
||||
#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for SHA-1 hash operations.
|
||||
|
||||
@@ -25,7 +26,7 @@ Sha1GetContextSize (
|
||||
//
|
||||
// Retrieves OpenSSL SHA Context Size
|
||||
//
|
||||
return (UINTN) (sizeof (SHA_CTX));
|
||||
return (UINTN)(sizeof (SHA_CTX));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -56,7 +57,7 @@ Sha1Init (
|
||||
//
|
||||
// OpenSSL SHA-1 Context Initialization
|
||||
//
|
||||
return (BOOLEAN) (SHA1_Init ((SHA_CTX *) Sha1Context));
|
||||
return (BOOLEAN)(SHA1_Init ((SHA_CTX *)Sha1Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -82,7 +83,7 @@ Sha1Duplicate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha1Context == NULL || NewSha1Context == NULL) {
|
||||
if ((Sha1Context == NULL) || (NewSha1Context == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -127,14 +128,14 @@ Sha1Update (
|
||||
//
|
||||
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-1 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (SHA1_Update ((SHA_CTX *) Sha1Context, Data, DataSize));
|
||||
return (BOOLEAN)(SHA1_Update ((SHA_CTX *)Sha1Context, Data, DataSize));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -167,14 +168,14 @@ Sha1Final (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha1Context == NULL || HashValue == NULL) {
|
||||
if ((Sha1Context == NULL) || (HashValue == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-1 Hash Finalization
|
||||
//
|
||||
return (BOOLEAN) (SHA1_Final (HashValue, (SHA_CTX *) Sha1Context));
|
||||
return (BOOLEAN)(SHA1_Final (HashValue, (SHA_CTX *)Sha1Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -209,7 +210,8 @@ Sha1HashAll (
|
||||
if (HashValue == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -222,4 +224,5 @@ Sha1HashAll (
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@@ -24,7 +24,7 @@ Sha256GetContextSize (
|
||||
//
|
||||
// Retrieves OpenSSL SHA-256 Context Size
|
||||
//
|
||||
return (UINTN) (sizeof (SHA256_CTX));
|
||||
return (UINTN)(sizeof (SHA256_CTX));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -55,7 +55,7 @@ Sha256Init (
|
||||
//
|
||||
// OpenSSL SHA-256 Context Initialization
|
||||
//
|
||||
return (BOOLEAN) (SHA256_Init ((SHA256_CTX *) Sha256Context));
|
||||
return (BOOLEAN)(SHA256_Init ((SHA256_CTX *)Sha256Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -81,7 +81,7 @@ Sha256Duplicate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha256Context == NULL || NewSha256Context == NULL) {
|
||||
if ((Sha256Context == NULL) || (NewSha256Context == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -126,14 +126,14 @@ Sha256Update (
|
||||
//
|
||||
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-256 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (SHA256_Update ((SHA256_CTX *) Sha256Context, Data, DataSize));
|
||||
return (BOOLEAN)(SHA256_Update ((SHA256_CTX *)Sha256Context, Data, DataSize));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -166,14 +166,14 @@ Sha256Final (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha256Context == NULL || HashValue == NULL) {
|
||||
if ((Sha256Context == NULL) || (HashValue == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-256 Hash Finalization
|
||||
//
|
||||
return (BOOLEAN) (SHA256_Final (HashValue, (SHA256_CTX *) Sha256Context));
|
||||
return (BOOLEAN)(SHA256_Final (HashValue, (SHA256_CTX *)Sha256Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -208,7 +208,8 @@ Sha256HashAll (
|
||||
if (HashValue == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@@ -24,7 +24,7 @@ Sha384GetContextSize (
|
||||
//
|
||||
// Retrieves OpenSSL SHA-384 Context Size
|
||||
//
|
||||
return (UINTN) (sizeof (SHA512_CTX));
|
||||
return (UINTN)(sizeof (SHA512_CTX));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -55,7 +55,7 @@ Sha384Init (
|
||||
//
|
||||
// OpenSSL SHA-384 Context Initialization
|
||||
//
|
||||
return (BOOLEAN) (SHA384_Init ((SHA512_CTX *) Sha384Context));
|
||||
return (BOOLEAN)(SHA384_Init ((SHA512_CTX *)Sha384Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -83,7 +83,7 @@ Sha384Duplicate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha384Context == NULL || NewSha384Context == NULL) {
|
||||
if ((Sha384Context == NULL) || (NewSha384Context == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -128,14 +128,14 @@ Sha384Update (
|
||||
//
|
||||
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-384 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (SHA384_Update ((SHA512_CTX *) Sha384Context, Data, DataSize));
|
||||
return (BOOLEAN)(SHA384_Update ((SHA512_CTX *)Sha384Context, Data, DataSize));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -168,14 +168,14 @@ Sha384Final (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha384Context == NULL || HashValue == NULL) {
|
||||
if ((Sha384Context == NULL) || (HashValue == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-384 Hash Finalization
|
||||
//
|
||||
return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha384Context));
|
||||
return (BOOLEAN)(SHA384_Final (HashValue, (SHA512_CTX *)Sha384Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -210,7 +210,8 @@ Sha384HashAll (
|
||||
if (HashValue == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -239,7 +240,7 @@ Sha512GetContextSize (
|
||||
//
|
||||
// Retrieves OpenSSL SHA-512 Context Size
|
||||
//
|
||||
return (UINTN) (sizeof (SHA512_CTX));
|
||||
return (UINTN)(sizeof (SHA512_CTX));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -270,7 +271,7 @@ Sha512Init (
|
||||
//
|
||||
// OpenSSL SHA-512 Context Initialization
|
||||
//
|
||||
return (BOOLEAN) (SHA512_Init ((SHA512_CTX *) Sha512Context));
|
||||
return (BOOLEAN)(SHA512_Init ((SHA512_CTX *)Sha512Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -298,7 +299,7 @@ Sha512Duplicate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha512Context == NULL || NewSha512Context == NULL) {
|
||||
if ((Sha512Context == NULL) || (NewSha512Context == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -343,14 +344,14 @@ Sha512Update (
|
||||
//
|
||||
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-512 Hash Update
|
||||
//
|
||||
return (BOOLEAN) (SHA512_Update ((SHA512_CTX *) Sha512Context, Data, DataSize));
|
||||
return (BOOLEAN)(SHA512_Update ((SHA512_CTX *)Sha512Context, Data, DataSize));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -383,14 +384,14 @@ Sha512Final (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sha512Context == NULL || HashValue == NULL) {
|
||||
if ((Sha512Context == NULL) || (HashValue == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// OpenSSL SHA-512 Hash Finalization
|
||||
//
|
||||
return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha512Context));
|
||||
return (BOOLEAN)(SHA384_Final (HashValue, (SHA512_CTX *)Sha512Context));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -425,7 +426,8 @@ Sha512HashAll (
|
||||
if (HashValue == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@@ -24,7 +24,7 @@ Sm3GetContextSize (
|
||||
//
|
||||
// Retrieves Openssl SM3 Context Size
|
||||
//
|
||||
return (UINTN) (sizeof (SM3_CTX));
|
||||
return (UINTN)(sizeof (SM3_CTX));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -55,7 +55,7 @@ Sm3Init (
|
||||
//
|
||||
// Openssl SM3 Context Initialization
|
||||
//
|
||||
sm3_init ((SM3_CTX *) Sm3Context);
|
||||
sm3_init ((SM3_CTX *)Sm3Context);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -84,7 +84,7 @@ Sm3Duplicate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sm3Context == NULL || NewSm3Context == NULL) {
|
||||
if ((Sm3Context == NULL) || (NewSm3Context == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -129,14 +129,14 @@ Sm3Update (
|
||||
//
|
||||
// Check invalid parameters, in case that only DataLength was checked in Openssl
|
||||
//
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Openssl SM3 Hash Update
|
||||
//
|
||||
sm3_update ((SM3_CTX *) Sm3Context, Data, DataSize);
|
||||
sm3_update ((SM3_CTX *)Sm3Context, Data, DataSize);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
@@ -171,14 +171,14 @@ Sm3Final (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Sm3Context == NULL || HashValue == NULL) {
|
||||
if ((Sm3Context == NULL) || (HashValue == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Openssl SM3 Hash Finalization
|
||||
//
|
||||
sm3_final (HashValue, (SM3_CTX *) Sm3Context);
|
||||
sm3_final (HashValue, (SM3_CTX *)Sm3Context);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
@@ -209,7 +209,7 @@ Sm3HashAll (
|
||||
OUT UINT8 *HashValue
|
||||
)
|
||||
{
|
||||
SM3_CTX Ctx;
|
||||
SM3_CTX Ctx;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
@@ -217,18 +217,19 @@ Sm3HashAll (
|
||||
if (HashValue == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// SM3 Hash Computation.
|
||||
//
|
||||
sm3_init(&Ctx);
|
||||
sm3_init (&Ctx);
|
||||
|
||||
sm3_update(&Ctx, Data, DataSize);
|
||||
sm3_update (&Ctx, Data, DataSize);
|
||||
|
||||
sm3_final(HashValue, &Ctx);
|
||||
sm3_final (HashValue, &Ctx);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
@@ -25,7 +25,7 @@ HmacSha256New (
|
||||
//
|
||||
// Allocates & Initializes HMAC_CTX Context by OpenSSL HMAC_CTX_new()
|
||||
//
|
||||
return (VOID *) HMAC_CTX_new ();
|
||||
return (VOID *)HMAC_CTX_new ();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -71,11 +71,11 @@ HmacSha256SetKey (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (HmacSha256Context == NULL || KeySize > INT_MAX) {
|
||||
if ((HmacSha256Context == NULL) || (KeySize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32) KeySize, EVP_sha256(), NULL) != 1) {
|
||||
if (HMAC_Init_ex ((HMAC_CTX *)HmacSha256Context, Key, (UINT32)KeySize, EVP_sha256 (), NULL) != 1) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -105,7 +105,7 @@ HmacSha256Duplicate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (HmacSha256Context == NULL || NewHmacSha256Context == NULL) {
|
||||
if ((HmacSha256Context == NULL) || (NewHmacSha256Context == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -152,7 +152,7 @@ HmacSha256Update (
|
||||
//
|
||||
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
|
||||
//
|
||||
if (Data == NULL && DataSize != 0) {
|
||||
if ((Data == NULL) && (DataSize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -198,7 +198,7 @@ HmacSha256Final (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (HmacSha256Context == NULL || HmacValue == NULL) {
|
||||
if ((HmacSha256Context == NULL) || (HmacValue == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -208,6 +208,7 @@ HmacSha256Final (
|
||||
if (HMAC_Final ((HMAC_CTX *)HmacSha256Context, HmacValue, &Length) != 1) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (HMAC_CTX_reset ((HMAC_CTX *)HmacSha256Context) != 1) {
|
||||
return FALSE;
|
||||
}
|
||||
|
@@ -23,8 +23,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#define OBJ_get0_data(o) ((o)->data)
|
||||
#define OBJ_length(o) ((o)->length)
|
||||
#define OBJ_get0_data(o) ((o)->data)
|
||||
#define OBJ_length(o) ((o)->length)
|
||||
#endif
|
||||
|
||||
/**
|
||||
|
@@ -39,37 +39,42 @@ HkdfSha256ExtractAndExpand (
|
||||
IN UINTN OutSize
|
||||
)
|
||||
{
|
||||
EVP_PKEY_CTX *pHkdfCtx;
|
||||
BOOLEAN Result;
|
||||
EVP_PKEY_CTX *pHkdfCtx;
|
||||
BOOLEAN Result;
|
||||
|
||||
if (Key == NULL || Salt == NULL || Info == NULL || Out == NULL ||
|
||||
KeySize > INT_MAX || SaltSize > INT_MAX || InfoSize > INT_MAX || OutSize > INT_MAX ) {
|
||||
if ((Key == NULL) || (Salt == NULL) || (Info == NULL) || (Out == NULL) ||
|
||||
(KeySize > INT_MAX) || (SaltSize > INT_MAX) || (InfoSize > INT_MAX) || (OutSize > INT_MAX))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
pHkdfCtx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
||||
pHkdfCtx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
|
||||
if (pHkdfCtx == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Result = EVP_PKEY_derive_init(pHkdfCtx) > 0;
|
||||
Result = EVP_PKEY_derive_init (pHkdfCtx) > 0;
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_hkdf_md(pHkdfCtx, EVP_sha256()) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set1_hkdf_salt(pHkdfCtx, Salt, (UINT32)SaltSize) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set1_hkdf_key(pHkdfCtx, Key, (UINT32)KeySize) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_add1_hkdf_info(pHkdfCtx, Info, (UINT32)InfoSize) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_derive(pHkdfCtx, Out, &OutSize) > 0;
|
||||
Result = EVP_PKEY_CTX_set_hkdf_md (pHkdfCtx, EVP_sha256 ()) > 0;
|
||||
}
|
||||
|
||||
EVP_PKEY_CTX_free(pHkdfCtx);
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set1_hkdf_salt (pHkdfCtx, Salt, (UINT32)SaltSize) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set1_hkdf_key (pHkdfCtx, Key, (UINT32)KeySize) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_add1_hkdf_info (pHkdfCtx, Info, (UINT32)InfoSize) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_derive (pHkdfCtx, Out, &OutSize) > 0;
|
||||
}
|
||||
|
||||
EVP_PKEY_CTX_free (pHkdfCtx);
|
||||
pHkdfCtx = NULL;
|
||||
return Result;
|
||||
}
|
||||
|
@@ -30,14 +30,14 @@ PasswordCallback (
|
||||
{
|
||||
INTN KeyLength;
|
||||
|
||||
ZeroMem ((VOID *) Buf, (UINTN) Size);
|
||||
ZeroMem ((VOID *)Buf, (UINTN)Size);
|
||||
if (Key != NULL) {
|
||||
//
|
||||
// Duplicate key phrase directly.
|
||||
//
|
||||
KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key);
|
||||
KeyLength = (KeyLength > Size ) ? Size : KeyLength;
|
||||
CopyMem (Buf, Key, (UINTN) KeyLength);
|
||||
KeyLength = (INTN)AsciiStrLen ((CHAR8 *)Key);
|
||||
KeyLength = (KeyLength > Size) ? Size : KeyLength;
|
||||
CopyMem (Buf, Key, (UINTN)KeyLength);
|
||||
return KeyLength;
|
||||
} else {
|
||||
return 0;
|
||||
@@ -76,7 +76,7 @@ RsaGetPrivateKeyFromPem (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) {
|
||||
if ((PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -87,9 +87,11 @@ RsaGetPrivateKeyFromPem (
|
||||
if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
@@ -104,14 +106,14 @@ RsaGetPrivateKeyFromPem (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) {
|
||||
if (BIO_write (PemBio, PemData, (int)PemSize) <= 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Retrieve RSA Private Key from encrypted PEM data.
|
||||
//
|
||||
*RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password);
|
||||
*RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *)&PasswordCallback, (void *)Password);
|
||||
if (*RsaContext != NULL) {
|
||||
Status = TRUE;
|
||||
}
|
||||
|
@@ -23,9 +23,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
//
|
||||
// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
|
||||
//
|
||||
UINT8 mSpcIndirectOidValue[] = {
|
||||
UINT8 mSpcIndirectOidValue[] = {
|
||||
0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
|
||||
};
|
||||
};
|
||||
|
||||
/**
|
||||
Verifies the validity of a PE/COFF Authenticode Signature as described in "Windows
|
||||
@@ -109,20 +109,20 @@ AuthenticodeVerify (
|
||||
// some authenticode-specific structure. Use opaque ASN.1 string to retrieve
|
||||
// PKCS#7 ContentInfo here.
|
||||
//
|
||||
SpcIndirectDataOid = OBJ_get0_data(Pkcs7->d.sign->contents->type);
|
||||
if (OBJ_length(Pkcs7->d.sign->contents->type) != sizeof(mSpcIndirectOidValue) ||
|
||||
CompareMem (
|
||||
SpcIndirectDataOid,
|
||||
mSpcIndirectOidValue,
|
||||
sizeof (mSpcIndirectOidValue)
|
||||
) != 0) {
|
||||
SpcIndirectDataOid = OBJ_get0_data (Pkcs7->d.sign->contents->type);
|
||||
if ((OBJ_length (Pkcs7->d.sign->contents->type) != sizeof (mSpcIndirectOidValue)) ||
|
||||
(CompareMem (
|
||||
SpcIndirectDataOid,
|
||||
mSpcIndirectOidValue,
|
||||
sizeof (mSpcIndirectOidValue)
|
||||
) != 0))
|
||||
{
|
||||
//
|
||||
// Un-matched SPC_INDIRECT_DATA_OBJID.
|
||||
//
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
|
||||
SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
|
||||
|
||||
//
|
||||
@@ -134,33 +134,30 @@ AuthenticodeVerify (
|
||||
//
|
||||
// Short Form of Length Encoding (Length < 128)
|
||||
//
|
||||
ContentSize = (UINTN) (Asn1Byte & 0x7F);
|
||||
ContentSize = (UINTN)(Asn1Byte & 0x7F);
|
||||
//
|
||||
// Skip the SEQUENCE Tag;
|
||||
//
|
||||
SpcIndirectDataContent += 2;
|
||||
|
||||
} else if ((Asn1Byte & 0x81) == 0x81) {
|
||||
//
|
||||
// Long Form of Length Encoding (128 <= Length < 255, Single Octet)
|
||||
//
|
||||
ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
|
||||
ContentSize = (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 2));
|
||||
//
|
||||
// Skip the SEQUENCE Tag;
|
||||
//
|
||||
SpcIndirectDataContent += 3;
|
||||
|
||||
} else if ((Asn1Byte & 0x82) == 0x82) {
|
||||
//
|
||||
// Long Form of Length Encoding (Length > 255, Two Octet)
|
||||
//
|
||||
ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2));
|
||||
ContentSize = (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 2));
|
||||
ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3));
|
||||
//
|
||||
// Skip the SEQUENCE Tag;
|
||||
//
|
||||
SpcIndirectDataContent += 4;
|
||||
|
||||
} else {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -180,7 +177,7 @@ AuthenticodeVerify (
|
||||
//
|
||||
// Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
|
||||
//
|
||||
Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
|
||||
Status = (BOOLEAN)Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
|
||||
|
||||
_Exit:
|
||||
//
|
||||
|
@@ -26,7 +26,7 @@ DhNew (
|
||||
//
|
||||
// Allocates & Initializes DH Context by OpenSSL DH_new()
|
||||
//
|
||||
return (VOID *) DH_new ();
|
||||
return (VOID *)DH_new ();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -46,7 +46,7 @@ DhFree (
|
||||
//
|
||||
// Free OpenSSL DH Context
|
||||
//
|
||||
DH_free ((DH *) DhContext);
|
||||
DH_free ((DH *)DhContext);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -80,21 +80,21 @@ DhGenerateParameter (
|
||||
OUT UINT8 *Prime
|
||||
)
|
||||
{
|
||||
BOOLEAN RetVal;
|
||||
BIGNUM *BnP;
|
||||
BOOLEAN RetVal;
|
||||
BIGNUM *BnP;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
|
||||
if ((DhContext == NULL) || (Prime == NULL) || (PrimeLength > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
|
||||
if ((Generator != DH_GENERATOR_2) && (Generator != DH_GENERATOR_5)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);
|
||||
RetVal = (BOOLEAN)DH_generate_parameters_ex (DhContext, (UINT32)PrimeLength, (UINT32)Generator, NULL);
|
||||
if (!RetVal) {
|
||||
return FALSE;
|
||||
}
|
||||
@@ -142,11 +142,11 @@ DhSetParameter (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || Prime == NULL || PrimeLength > INT_MAX) {
|
||||
if ((DhContext == NULL) || (Prime == NULL) || (PrimeLength > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
|
||||
if ((Generator != DH_GENERATOR_2) && (Generator != DH_GENERATOR_5)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -199,29 +199,29 @@ DhGenerateKey (
|
||||
IN OUT UINTN *PublicKeySize
|
||||
)
|
||||
{
|
||||
BOOLEAN RetVal;
|
||||
DH *Dh;
|
||||
BIGNUM *DhPubKey;
|
||||
INTN Size;
|
||||
BOOLEAN RetVal;
|
||||
DH *Dh;
|
||||
BIGNUM *DhPubKey;
|
||||
INTN Size;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || PublicKeySize == NULL) {
|
||||
if ((DhContext == NULL) || (PublicKeySize == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (PublicKey == NULL && *PublicKeySize != 0) {
|
||||
if ((PublicKey == NULL) && (*PublicKeySize != 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Dh = (DH *) DhContext;
|
||||
Dh = (DH *)DhContext;
|
||||
|
||||
RetVal = (BOOLEAN) DH_generate_key (DhContext);
|
||||
RetVal = (BOOLEAN)DH_generate_key (DhContext);
|
||||
if (RetVal) {
|
||||
DH_get0_key (Dh, (const BIGNUM **)&DhPubKey, NULL);
|
||||
Size = BN_num_bytes (DhPubKey);
|
||||
if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
|
||||
if ((Size > 0) && (*PublicKeySize < (UINTN)Size)) {
|
||||
*PublicKeySize = Size;
|
||||
return FALSE;
|
||||
}
|
||||
@@ -229,6 +229,7 @@ DhGenerateKey (
|
||||
if (PublicKey != NULL) {
|
||||
BN_bn2bin (DhPubKey, PublicKey);
|
||||
}
|
||||
|
||||
*PublicKeySize = Size;
|
||||
}
|
||||
|
||||
@@ -275,7 +276,7 @@ DhComputeKey (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL || Key == NULL) {
|
||||
if ((DhContext == NULL) || (PeerPublicKey == NULL) || (KeySize == NULL) || (Key == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -283,7 +284,7 @@ DhComputeKey (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
|
||||
Bn = BN_bin2bn (PeerPublicKey, (UINT32)PeerPublicKeySize, NULL);
|
||||
if (Bn == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
@@ -294,7 +295,7 @@ DhComputeKey (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (*KeySize < (UINTN) Size) {
|
||||
if (*KeySize < (UINTN)Size) {
|
||||
*KeySize = Size;
|
||||
BN_free (Bn);
|
||||
return FALSE;
|
||||
|
@@ -67,8 +67,9 @@ Pkcs1v2Encrypt (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (PublicKey == NULL || InData == NULL ||
|
||||
EncryptedData == NULL || EncryptedDataSize == NULL) {
|
||||
if ((PublicKey == NULL) || (InData == NULL) ||
|
||||
(EncryptedData == NULL) || (EncryptedDataSize == NULL))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -82,15 +83,15 @@ Pkcs1v2Encrypt (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*EncryptedData = NULL;
|
||||
*EncryptedDataSize = 0;
|
||||
Result = FALSE;
|
||||
TempPointer = NULL;
|
||||
CertData = NULL;
|
||||
InternalPublicKey = NULL;
|
||||
PkeyCtx = NULL;
|
||||
OutData = NULL;
|
||||
OutDataSize = 0;
|
||||
*EncryptedData = NULL;
|
||||
*EncryptedDataSize = 0;
|
||||
Result = FALSE;
|
||||
TempPointer = NULL;
|
||||
CertData = NULL;
|
||||
InternalPublicKey = NULL;
|
||||
PkeyCtx = NULL;
|
||||
OutData = NULL;
|
||||
OutDataSize = 0;
|
||||
|
||||
//
|
||||
// If it provides a seed then use it.
|
||||
@@ -107,7 +108,7 @@ Pkcs1v2Encrypt (
|
||||
// Parse the X509 cert and extract the public key.
|
||||
//
|
||||
TempPointer = PublicKey;
|
||||
CertData = d2i_X509 (&CertData, &TempPointer, (UINT32)PublicKeySize);
|
||||
CertData = d2i_X509 (&CertData, &TempPointer, (UINT32)PublicKeySize);
|
||||
if (CertData == NULL) {
|
||||
//
|
||||
// Fail to parse X509 cert.
|
||||
@@ -137,11 +138,13 @@ Pkcs1v2Encrypt (
|
||||
//
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Initialize the context and set the desired padding.
|
||||
//
|
||||
if (EVP_PKEY_encrypt_init (PkeyCtx) <= 0 ||
|
||||
EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0) {
|
||||
if ((EVP_PKEY_encrypt_init (PkeyCtx) <= 0) ||
|
||||
(EVP_PKEY_CTX_set_rsa_padding (PkeyCtx, RSA_PKCS1_OAEP_PADDING) <= 0))
|
||||
{
|
||||
//
|
||||
// Fail to initialize the context.
|
||||
//
|
||||
@@ -177,7 +180,7 @@ Pkcs1v2Encrypt (
|
||||
// Fail to encrypt data, need to free the output buffer.
|
||||
//
|
||||
FreePool (OutData);
|
||||
OutData = NULL;
|
||||
OutData = NULL;
|
||||
OutDataSize = 0;
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -185,20 +188,22 @@ Pkcs1v2Encrypt (
|
||||
//
|
||||
// Encrypt done.
|
||||
//
|
||||
*EncryptedData = OutData;
|
||||
*EncryptedData = OutData;
|
||||
*EncryptedDataSize = OutDataSize;
|
||||
Result = TRUE;
|
||||
Result = TRUE;
|
||||
|
||||
_Exit:
|
||||
//
|
||||
// Release Resources
|
||||
//
|
||||
if (CertData != NULL) {
|
||||
X509_free (CertData );
|
||||
X509_free (CertData);
|
||||
}
|
||||
|
||||
if (InternalPublicKey != NULL) {
|
||||
EVP_PKEY_free (InternalPublicKey);
|
||||
}
|
||||
|
||||
if (PkeyCtx != NULL) {
|
||||
EVP_PKEY_CTX_free (PkeyCtx);
|
||||
}
|
||||
|
@@ -58,25 +58,28 @@ Pkcs5HashPassword (
|
||||
if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||
|
||||
(SaltLength == 0) || (SaltLength > INT_MAX) ||
|
||||
(KeyLength == 0) || (KeyLength > INT_MAX) ||
|
||||
(IterationCount < 1) || (IterationCount > INT_MAX)) {
|
||||
(IterationCount < 1) || (IterationCount > INT_MAX))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Make sure the digest algorithm is supported.
|
||||
//
|
||||
switch (DigestSize) {
|
||||
case SHA1_DIGEST_SIZE:
|
||||
HashAlg = EVP_sha1();
|
||||
break;
|
||||
case SHA256_DIGEST_SIZE:
|
||||
HashAlg = EVP_sha256();
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
break;
|
||||
case SHA1_DIGEST_SIZE:
|
||||
HashAlg = EVP_sha1 ();
|
||||
break;
|
||||
case SHA256_DIGEST_SIZE:
|
||||
HashAlg = EVP_sha256 ();
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
break;
|
||||
}
|
||||
|
||||
//
|
||||
|
@@ -62,8 +62,9 @@ Pkcs7Sign (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (PrivateKey == NULL || KeyPassword == NULL || InData == NULL ||
|
||||
SignCert == NULL || SignedData == NULL || SignedDataSize == NULL || InDataSize > INT_MAX) {
|
||||
if ((PrivateKey == NULL) || (KeyPassword == NULL) || (InData == NULL) ||
|
||||
(SignCert == NULL) || (SignedData == NULL) || (SignedDataSize == NULL) || (InDataSize > INT_MAX))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -79,8 +80,8 @@ Pkcs7Sign (
|
||||
Status = RsaGetPrivateKeyFromPem (
|
||||
PrivateKey,
|
||||
PrivateKeySize,
|
||||
(CONST CHAR8 *) KeyPassword,
|
||||
(VOID **) &RsaContext
|
||||
(CONST CHAR8 *)KeyPassword,
|
||||
(VOID **)&RsaContext
|
||||
);
|
||||
if (!Status) {
|
||||
return Status;
|
||||
@@ -94,9 +95,11 @@ Pkcs7Sign (
|
||||
if (EVP_add_digest (EVP_md5 ()) == 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha1 ()) == 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha256 ()) == 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -110,7 +113,8 @@ Pkcs7Sign (
|
||||
if (Key == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
if (EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext) == 0) {
|
||||
|
||||
if (EVP_PKEY_assign_RSA (Key, (RSA *)RsaContext) == 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
@@ -122,7 +126,7 @@ Pkcs7Sign (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (BIO_write (DataBio, InData, (int) InDataSize) <= 0) {
|
||||
if (BIO_write (DataBio, InData, (int)InDataSize) <= 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
@@ -130,9 +134,9 @@ Pkcs7Sign (
|
||||
// Create the PKCS#7 signedData structure.
|
||||
//
|
||||
Pkcs7 = PKCS7_sign (
|
||||
(X509 *) SignCert,
|
||||
(X509 *)SignCert,
|
||||
Key,
|
||||
(STACK_OF(X509) *) OtherCerts,
|
||||
(STACK_OF (X509) *) OtherCerts,
|
||||
DataBio,
|
||||
PKCS7_BINARY | PKCS7_NOATTR | PKCS7_DETACHED
|
||||
);
|
||||
@@ -148,13 +152,13 @@ Pkcs7Sign (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
P7Data = malloc (P7DataSize);
|
||||
P7Data = malloc (P7DataSize);
|
||||
if (P7Data == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Tmp = P7Data;
|
||||
P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **) &Tmp);
|
||||
P7DataSize = i2d_PKCS7 (Pkcs7, (unsigned char **)&Tmp);
|
||||
ASSERT (P7DataSize > 19);
|
||||
|
||||
//
|
||||
|
@@ -51,4 +51,3 @@ Pkcs7Sign (
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@@ -26,11 +26,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
STATIC
|
||||
BOOLEAN
|
||||
Pkcs7TypeIsOther (
|
||||
IN PKCS7 *P7
|
||||
IN PKCS7 *P7
|
||||
)
|
||||
{
|
||||
BOOLEAN Others;
|
||||
INTN Nid = OBJ_obj2nid (P7->type);
|
||||
BOOLEAN Others;
|
||||
INTN Nid = OBJ_obj2nid (P7->type);
|
||||
|
||||
switch (Nid) {
|
||||
case NID_pkcs7_data:
|
||||
@@ -57,17 +57,18 @@ Pkcs7TypeIsOther (
|
||||
@return ASN1_OCTET_STRING ASN.1 string.
|
||||
**/
|
||||
STATIC
|
||||
ASN1_OCTET_STRING*
|
||||
ASN1_OCTET_STRING *
|
||||
Pkcs7GetOctetString (
|
||||
IN PKCS7 *P7
|
||||
IN PKCS7 *P7
|
||||
)
|
||||
{
|
||||
if (PKCS7_type_is_data (P7)) {
|
||||
return P7->d.data;
|
||||
}
|
||||
|
||||
if (Pkcs7TypeIsOther(P7) && (P7->d.other != NULL) &&
|
||||
(P7->d.other->type == V_ASN1_OCTET_STRING)) {
|
||||
if (Pkcs7TypeIsOther (P7) && (P7->d.other != NULL) &&
|
||||
(P7->d.other->type == V_ASN1_OCTET_STRING))
|
||||
{
|
||||
return P7->d.other->value.octet_string;
|
||||
}
|
||||
|
||||
@@ -171,9 +172,11 @@ Pkcs7GetAttachedContent (
|
||||
*ContentSize = 0;
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
CopyMem (*Content, OctStr->data, *ContentSize);
|
||||
}
|
||||
}
|
||||
|
||||
Status = TRUE;
|
||||
|
||||
_Exit:
|
||||
|
@@ -22,7 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
|
||||
UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
|
||||
|
||||
/**
|
||||
Check input P7Data is a wrapped ContentInfo structure or not. If not construct
|
||||
@@ -56,8 +56,8 @@ WrapPkcs7Data (
|
||||
OUT UINTN *WrapDataSize
|
||||
)
|
||||
{
|
||||
BOOLEAN Wrapped;
|
||||
UINT8 *SignedData;
|
||||
BOOLEAN Wrapped;
|
||||
UINT8 *SignedData;
|
||||
|
||||
//
|
||||
// Check whether input P7Data is a wrapped ContentInfo structure or not.
|
||||
@@ -72,7 +72,7 @@ WrapPkcs7Data (
|
||||
}
|
||||
|
||||
if (Wrapped) {
|
||||
*WrapData = (UINT8 *) P7Data;
|
||||
*WrapData = (UINT8 *)P7Data;
|
||||
*WrapDataSize = P7Length;
|
||||
} else {
|
||||
//
|
||||
@@ -96,8 +96,8 @@ WrapPkcs7Data (
|
||||
//
|
||||
// Part2: Length1 = P7Length + 19 - 4, in big endian.
|
||||
//
|
||||
SignedData[2] = (UINT8) (((UINT16) (*WrapDataSize - 4)) >> 8);
|
||||
SignedData[3] = (UINT8) (((UINT16) (*WrapDataSize - 4)) & 0xff);
|
||||
SignedData[2] = (UINT8)(((UINT16)(*WrapDataSize - 4)) >> 8);
|
||||
SignedData[3] = (UINT8)(((UINT16)(*WrapDataSize - 4)) & 0xff);
|
||||
|
||||
//
|
||||
// Part3: 0x06, 0x09.
|
||||
@@ -119,8 +119,8 @@ WrapPkcs7Data (
|
||||
//
|
||||
// Part6: Length2 = P7Length, in big endian.
|
||||
//
|
||||
SignedData[17] = (UINT8) (((UINT16) P7Length) >> 8);
|
||||
SignedData[18] = (UINT8) (((UINT16) P7Length) & 0xff);
|
||||
SignedData[17] = (UINT8)(((UINT16)P7Length) >> 8);
|
||||
SignedData[18] = (UINT8)(((UINT16)P7Length) & 0xff);
|
||||
|
||||
//
|
||||
// Part7: P7Data.
|
||||
@@ -147,19 +147,20 @@ WrapPkcs7Data (
|
||||
**/
|
||||
BOOLEAN
|
||||
X509PopCertificate (
|
||||
IN VOID *X509Stack,
|
||||
OUT UINT8 **Cert,
|
||||
OUT UINTN *CertSize
|
||||
IN VOID *X509Stack,
|
||||
OUT UINT8 **Cert,
|
||||
OUT UINTN *CertSize
|
||||
)
|
||||
{
|
||||
BIO *CertBio;
|
||||
X509 *X509Cert;
|
||||
STACK_OF(X509) *CertStack;
|
||||
BOOLEAN Status;
|
||||
INT32 Result;
|
||||
BUF_MEM *Ptr;
|
||||
INT32 Length;
|
||||
VOID *Buffer;
|
||||
BIO *CertBio;
|
||||
X509 *X509Cert;
|
||||
|
||||
STACK_OF (X509) *CertStack;
|
||||
BOOLEAN Status;
|
||||
INT32 Result;
|
||||
BUF_MEM *Ptr;
|
||||
INT32 Length;
|
||||
VOID *Buffer;
|
||||
|
||||
Status = FALSE;
|
||||
|
||||
@@ -167,7 +168,7 @@ X509PopCertificate (
|
||||
return Status;
|
||||
}
|
||||
|
||||
CertStack = (STACK_OF(X509) *) X509Stack;
|
||||
CertStack = (STACK_OF (X509) *) X509Stack;
|
||||
|
||||
X509Cert = sk_X509_pop (CertStack);
|
||||
|
||||
@@ -258,23 +259,25 @@ Pkcs7GetSigners (
|
||||
OUT UINTN *CertLength
|
||||
)
|
||||
{
|
||||
PKCS7 *Pkcs7;
|
||||
BOOLEAN Status;
|
||||
UINT8 *SignedData;
|
||||
CONST UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN Wrapped;
|
||||
STACK_OF(X509) *Stack;
|
||||
UINT8 Index;
|
||||
UINT8 *CertBuf;
|
||||
UINT8 *OldBuf;
|
||||
UINTN BufferSize;
|
||||
UINTN OldSize;
|
||||
UINT8 *SingleCert;
|
||||
UINTN SingleCertSize;
|
||||
PKCS7 *Pkcs7;
|
||||
BOOLEAN Status;
|
||||
UINT8 *SignedData;
|
||||
CONST UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN Wrapped;
|
||||
|
||||
STACK_OF (X509) *Stack;
|
||||
UINT8 Index;
|
||||
UINT8 *CertBuf;
|
||||
UINT8 *OldBuf;
|
||||
UINTN BufferSize;
|
||||
UINTN OldSize;
|
||||
UINT8 *SingleCert;
|
||||
UINTN SingleCertSize;
|
||||
|
||||
if ((P7Data == NULL) || (CertStack == NULL) || (StackLength == NULL) ||
|
||||
(TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) {
|
||||
(TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -297,8 +300,8 @@ Pkcs7GetSigners (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Temp = SignedData;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
|
||||
Temp = SignedData;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);
|
||||
if (Pkcs7 == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -310,7 +313,7 @@ Pkcs7GetSigners (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Stack = PKCS7_get0_signers(Pkcs7, NULL, PKCS7_BINARY);
|
||||
Stack = PKCS7_get0_signers (Pkcs7, NULL, PKCS7_BINARY);
|
||||
if (Stack == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -350,7 +353,7 @@ Pkcs7GetSigners (
|
||||
OldBuf = NULL;
|
||||
}
|
||||
|
||||
WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) SingleCertSize);
|
||||
WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)SingleCertSize);
|
||||
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, SingleCertSize);
|
||||
|
||||
free (SingleCert);
|
||||
@@ -363,7 +366,7 @@ Pkcs7GetSigners (
|
||||
//
|
||||
CertBuf[0] = Index;
|
||||
|
||||
*CertLength = BufferSize - OldSize - sizeof (UINT32);
|
||||
*CertLength = BufferSize - OldSize - sizeof (UINT32);
|
||||
*TrustedCert = malloc (*CertLength);
|
||||
if (*TrustedCert == NULL) {
|
||||
goto _Exit;
|
||||
@@ -372,7 +375,7 @@ Pkcs7GetSigners (
|
||||
CopyMem (*TrustedCert, CertBuf + OldSize + sizeof (UINT32), *CertLength);
|
||||
*CertStack = CertBuf;
|
||||
*StackLength = BufferSize;
|
||||
Status = TRUE;
|
||||
Status = TRUE;
|
||||
}
|
||||
|
||||
_Exit:
|
||||
@@ -388,7 +391,7 @@ _Exit:
|
||||
}
|
||||
|
||||
if (Stack != NULL) {
|
||||
sk_X509_pop_free(Stack, X509_free);
|
||||
sk_X509_pop_free (Stack, X509_free);
|
||||
}
|
||||
|
||||
if (SingleCert != NULL) {
|
||||
@@ -416,7 +419,7 @@ _Exit:
|
||||
VOID
|
||||
EFIAPI
|
||||
Pkcs7FreeSigners (
|
||||
IN UINT8 *Certs
|
||||
IN UINT8 *Certs
|
||||
)
|
||||
{
|
||||
if (Certs == NULL) {
|
||||
@@ -459,43 +462,45 @@ Pkcs7GetCertificatesList (
|
||||
OUT UINTN *UnchainLength
|
||||
)
|
||||
{
|
||||
BOOLEAN Status;
|
||||
UINT8 *NewP7Data;
|
||||
UINTN NewP7Length;
|
||||
BOOLEAN Wrapped;
|
||||
UINT8 Index;
|
||||
PKCS7 *Pkcs7;
|
||||
X509_STORE_CTX *CertCtx;
|
||||
STACK_OF(X509) *CtxChain;
|
||||
STACK_OF(X509) *CtxUntrusted;
|
||||
X509 *CtxCert;
|
||||
STACK_OF(X509) *Signers;
|
||||
X509 *Signer;
|
||||
X509 *Cert;
|
||||
X509 *Issuer;
|
||||
X509_NAME *IssuerName;
|
||||
UINT8 *CertBuf;
|
||||
UINT8 *OldBuf;
|
||||
UINTN BufferSize;
|
||||
UINTN OldSize;
|
||||
UINT8 *SingleCert;
|
||||
UINTN CertSize;
|
||||
BOOLEAN Status;
|
||||
UINT8 *NewP7Data;
|
||||
UINTN NewP7Length;
|
||||
BOOLEAN Wrapped;
|
||||
UINT8 Index;
|
||||
PKCS7 *Pkcs7;
|
||||
X509_STORE_CTX *CertCtx;
|
||||
|
||||
STACK_OF (X509) *CtxChain;
|
||||
STACK_OF (X509) *CtxUntrusted;
|
||||
X509 *CtxCert;
|
||||
|
||||
STACK_OF (X509) *Signers;
|
||||
X509 *Signer;
|
||||
X509 *Cert;
|
||||
X509 *Issuer;
|
||||
X509_NAME *IssuerName;
|
||||
UINT8 *CertBuf;
|
||||
UINT8 *OldBuf;
|
||||
UINTN BufferSize;
|
||||
UINTN OldSize;
|
||||
UINT8 *SingleCert;
|
||||
UINTN CertSize;
|
||||
|
||||
//
|
||||
// Initializations
|
||||
//
|
||||
Status = FALSE;
|
||||
NewP7Data = NULL;
|
||||
Pkcs7 = NULL;
|
||||
CertCtx = NULL;
|
||||
CtxChain = NULL;
|
||||
CtxCert = NULL;
|
||||
CtxUntrusted = NULL;
|
||||
Cert = NULL;
|
||||
SingleCert = NULL;
|
||||
CertBuf = NULL;
|
||||
OldBuf = NULL;
|
||||
Signers = NULL;
|
||||
Status = FALSE;
|
||||
NewP7Data = NULL;
|
||||
Pkcs7 = NULL;
|
||||
CertCtx = NULL;
|
||||
CtxChain = NULL;
|
||||
CtxCert = NULL;
|
||||
CtxUntrusted = NULL;
|
||||
Cert = NULL;
|
||||
SingleCert = NULL;
|
||||
CertBuf = NULL;
|
||||
OldBuf = NULL;
|
||||
Signers = NULL;
|
||||
|
||||
ZeroMem (&CertCtx, sizeof (CertCtx));
|
||||
|
||||
@@ -503,7 +508,8 @@ Pkcs7GetCertificatesList (
|
||||
// Parameter Checking
|
||||
//
|
||||
if ((P7Data == NULL) || (SignerChainCerts == NULL) || (ChainLength == NULL) ||
|
||||
(UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX)) {
|
||||
(UnchainCerts == NULL) || (UnchainLength == NULL) || (P7Length > INT_MAX))
|
||||
{
|
||||
return Status;
|
||||
}
|
||||
|
||||
@@ -523,7 +529,7 @@ Pkcs7GetCertificatesList (
|
||||
//
|
||||
// Decodes PKCS#7 SignedData
|
||||
//
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &NewP7Data, (int) NewP7Length);
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&NewP7Data, (int)NewP7Length);
|
||||
if ((Pkcs7 == NULL) || (!PKCS7_type_is_signed (Pkcs7))) {
|
||||
goto _Error;
|
||||
}
|
||||
@@ -537,15 +543,18 @@ Pkcs7GetCertificatesList (
|
||||
if ((Signers == NULL) || (sk_X509_num (Signers) != 1)) {
|
||||
goto _Error;
|
||||
}
|
||||
|
||||
Signer = sk_X509_value (Signers, 0);
|
||||
|
||||
CertCtx = X509_STORE_CTX_new ();
|
||||
if (CertCtx == NULL) {
|
||||
goto _Error;
|
||||
}
|
||||
|
||||
if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {
|
||||
goto _Error;
|
||||
}
|
||||
|
||||
//
|
||||
// Initialize Chained & Untrusted stack
|
||||
//
|
||||
@@ -553,10 +562,12 @@ Pkcs7GetCertificatesList (
|
||||
CtxCert = X509_STORE_CTX_get0_cert (CertCtx);
|
||||
if (CtxChain == NULL) {
|
||||
if (((CtxChain = sk_X509_new_null ()) == NULL) ||
|
||||
(!sk_X509_push (CtxChain, CtxCert))) {
|
||||
(!sk_X509_push (CtxChain, CtxCert)))
|
||||
{
|
||||
goto _Error;
|
||||
}
|
||||
}
|
||||
|
||||
CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
|
||||
if (CtxUntrusted != NULL) {
|
||||
(VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
|
||||
@@ -566,7 +577,7 @@ Pkcs7GetCertificatesList (
|
||||
// Build certificates stack chained from Signer's certificate.
|
||||
//
|
||||
Cert = Signer;
|
||||
for (; ;) {
|
||||
for ( ; ;) {
|
||||
//
|
||||
// Self-Issue checking
|
||||
//
|
||||
@@ -581,13 +592,14 @@ Pkcs7GetCertificatesList (
|
||||
// Found the issuer of the current certificate
|
||||
//
|
||||
if (CtxUntrusted != NULL) {
|
||||
Issuer = NULL;
|
||||
Issuer = NULL;
|
||||
IssuerName = X509_get_issuer_name (Cert);
|
||||
Issuer = X509_find_by_subject (CtxUntrusted, IssuerName);
|
||||
if (Issuer != NULL) {
|
||||
if (!sk_X509_push (CtxChain, Issuer)) {
|
||||
goto _Error;
|
||||
}
|
||||
|
||||
(VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);
|
||||
|
||||
Cert = Issuer;
|
||||
@@ -629,13 +641,14 @@ Pkcs7GetCertificatesList (
|
||||
Status = FALSE;
|
||||
goto _Error;
|
||||
}
|
||||
|
||||
if (OldBuf != NULL) {
|
||||
CopyMem (CertBuf, OldBuf, OldSize);
|
||||
free (OldBuf);
|
||||
OldBuf = NULL;
|
||||
}
|
||||
|
||||
WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);
|
||||
WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)CertSize);
|
||||
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);
|
||||
|
||||
free (SingleCert);
|
||||
@@ -672,13 +685,14 @@ Pkcs7GetCertificatesList (
|
||||
Status = FALSE;
|
||||
goto _Error;
|
||||
}
|
||||
|
||||
if (OldBuf != NULL) {
|
||||
CopyMem (CertBuf, OldBuf, OldSize);
|
||||
free (OldBuf);
|
||||
OldBuf = NULL;
|
||||
}
|
||||
|
||||
WriteUnaligned32 ((UINT32 *) (CertBuf + OldSize), (UINT32) CertSize);
|
||||
WriteUnaligned32 ((UINT32 *)(CertBuf + OldSize), (UINT32)CertSize);
|
||||
CopyMem (CertBuf + OldSize + sizeof (UINT32), SingleCert, CertSize);
|
||||
|
||||
free (SingleCert);
|
||||
@@ -709,6 +723,7 @@ _Error:
|
||||
if (Pkcs7 != NULL) {
|
||||
PKCS7_free (Pkcs7);
|
||||
}
|
||||
|
||||
sk_X509_free (Signers);
|
||||
|
||||
if (CertCtx != NULL) {
|
||||
@@ -768,21 +783,22 @@ Pkcs7Verify (
|
||||
IN UINTN DataLength
|
||||
)
|
||||
{
|
||||
PKCS7 *Pkcs7;
|
||||
BIO *DataBio;
|
||||
BOOLEAN Status;
|
||||
X509 *Cert;
|
||||
X509_STORE *CertStore;
|
||||
UINT8 *SignedData;
|
||||
CONST UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN Wrapped;
|
||||
PKCS7 *Pkcs7;
|
||||
BIO *DataBio;
|
||||
BOOLEAN Status;
|
||||
X509 *Cert;
|
||||
X509_STORE *CertStore;
|
||||
UINT8 *SignedData;
|
||||
CONST UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN Wrapped;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (P7Data == NULL || TrustedCert == NULL || InData == NULL ||
|
||||
P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) {
|
||||
if ((P7Data == NULL) || (TrustedCert == NULL) || (InData == NULL) ||
|
||||
(P7Length > INT_MAX) || (CertLength > INT_MAX) || (DataLength > INT_MAX))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -797,18 +813,23 @@ Pkcs7Verify (
|
||||
if (EVP_add_digest (EVP_md5 ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha1 ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha256 ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha384 ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha512 ()) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
@@ -827,8 +848,8 @@ Pkcs7Verify (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Temp = SignedData;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) SignedDataSize);
|
||||
Temp = SignedData;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);
|
||||
if (Pkcs7 == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -844,7 +865,7 @@ Pkcs7Verify (
|
||||
// Read DER-encoded root certificate and Construct X509 Certificate
|
||||
//
|
||||
Temp = TrustedCert;
|
||||
Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
|
||||
Cert = d2i_X509 (NULL, &Temp, (long)CertLength);
|
||||
if (Cert == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -856,6 +877,7 @@ Pkcs7Verify (
|
||||
if (CertStore == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (!(X509_STORE_add_cert (CertStore, Cert))) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -864,7 +886,7 @@ Pkcs7Verify (
|
||||
// For generic PKCS#7 handling, InData may be NULL if the content is present
|
||||
// in PKCS#7 structure. So ignore NULL checking here.
|
||||
//
|
||||
DataBio = BIO_new_mem_buf (InData, (int) DataLength);
|
||||
DataBio = BIO_new_mem_buf (InData, (int)DataLength);
|
||||
if (DataBio == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -873,8 +895,10 @@ Pkcs7Verify (
|
||||
// Allow partial certificate chains, terminated by a non-self-signed but
|
||||
// still trusted intermediate certificate. Also disable time checks.
|
||||
//
|
||||
X509_STORE_set_flags (CertStore,
|
||||
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
|
||||
X509_STORE_set_flags (
|
||||
CertStore,
|
||||
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
|
||||
);
|
||||
|
||||
//
|
||||
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
|
||||
@@ -886,7 +910,7 @@ Pkcs7Verify (
|
||||
//
|
||||
// Verifies the PKCS#7 signedData structure
|
||||
//
|
||||
Status = (BOOLEAN) PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
|
||||
Status = (BOOLEAN)PKCS7_verify (Pkcs7, NULL, CertStore, DataBio, NULL, PKCS7_BINARY);
|
||||
|
||||
_Exit:
|
||||
//
|
||||
@@ -903,4 +927,3 @@ _Exit:
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
@@ -64,19 +64,20 @@
|
||||
**/
|
||||
EFI_STATUS
|
||||
GetSignerCertificate (
|
||||
IN CONST PKCS7 *CertChain,
|
||||
OUT X509 **SignerCert
|
||||
IN CONST PKCS7 *CertChain,
|
||||
OUT X509 **SignerCert
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
STACK_OF(X509) *Signers;
|
||||
INT32 NumberSigners;
|
||||
EFI_STATUS Status;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
Signers = NULL;
|
||||
NumberSigners = 0;
|
||||
STACK_OF (X509) *Signers;
|
||||
INT32 NumberSigners;
|
||||
|
||||
if (CertChain == NULL || SignerCert == NULL) {
|
||||
Status = EFI_SUCCESS;
|
||||
Signers = NULL;
|
||||
NumberSigners = 0;
|
||||
|
||||
if ((CertChain == NULL) || (SignerCert == NULL)) {
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
goto Exit;
|
||||
}
|
||||
@@ -84,7 +85,7 @@ GetSignerCertificate (
|
||||
//
|
||||
// Get the signers from the chain.
|
||||
//
|
||||
Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY);
|
||||
Signers = PKCS7_get0_signers ((PKCS7 *)CertChain, NULL, PKCS7_BINARY);
|
||||
if (Signers == NULL) {
|
||||
//
|
||||
// Fail to get signers form PKCS7
|
||||
@@ -118,7 +119,6 @@ Exit:
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Determines if the specified EKU represented in ASN1 form is present
|
||||
in a given certificate.
|
||||
@@ -134,8 +134,8 @@ Exit:
|
||||
**/
|
||||
EFI_STATUS
|
||||
IsEkuInCertificate (
|
||||
IN CONST X509 *Cert,
|
||||
IN ASN1_OBJECT *Asn1ToFind
|
||||
IN CONST X509 *Cert,
|
||||
IN ASN1_OBJECT *Asn1ToFind
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
@@ -147,15 +147,15 @@ IsEkuInCertificate (
|
||||
ASN1_OBJECT *Asn1InCert;
|
||||
INTN Index;
|
||||
|
||||
Status = EFI_NOT_FOUND;
|
||||
ClonedCert = NULL;
|
||||
Extension = NULL;
|
||||
Eku = NULL;
|
||||
ExtensionIndex = -1;
|
||||
NumExtensions = 0;
|
||||
Asn1InCert = NULL;
|
||||
Status = EFI_NOT_FOUND;
|
||||
ClonedCert = NULL;
|
||||
Extension = NULL;
|
||||
Eku = NULL;
|
||||
ExtensionIndex = -1;
|
||||
NumExtensions = 0;
|
||||
Asn1InCert = NULL;
|
||||
|
||||
if (Cert == NULL || Asn1ToFind == NULL) {
|
||||
if ((Cert == NULL) || (Asn1ToFind == NULL)) {
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
goto Exit;
|
||||
}
|
||||
@@ -164,7 +164,7 @@ IsEkuInCertificate (
|
||||
// Clone the certificate. This is required because the Extension API's
|
||||
// only work once per instance of an X509 object.
|
||||
//
|
||||
ClonedCert = X509_dup ((X509*)Cert);
|
||||
ClonedCert = X509_dup ((X509 *)Cert);
|
||||
if (ClonedCert == NULL) {
|
||||
//
|
||||
// Fail to duplicate cert.
|
||||
@@ -193,7 +193,7 @@ IsEkuInCertificate (
|
||||
goto Exit;
|
||||
}
|
||||
|
||||
Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension);
|
||||
Eku = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i (Extension);
|
||||
if (Eku == NULL) {
|
||||
//
|
||||
// Fail to get Eku from extension.
|
||||
@@ -215,8 +215,9 @@ IsEkuInCertificate (
|
||||
goto Exit;
|
||||
}
|
||||
|
||||
if (Asn1InCert->length == Asn1ToFind->length &&
|
||||
CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0) {
|
||||
if ((Asn1InCert->length == Asn1ToFind->length) &&
|
||||
(CompareMem (Asn1InCert->data, Asn1ToFind->data, Asn1InCert->length) == 0))
|
||||
{
|
||||
//
|
||||
// Found Eku in certificate.
|
||||
//
|
||||
@@ -241,7 +242,6 @@ Exit:
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Determines if the specified EKUs are present in a signing certificate.
|
||||
|
||||
@@ -256,23 +256,23 @@ Exit:
|
||||
@retval EFI_NOT_FOUND One or more EKU's were not found in the signature.
|
||||
**/
|
||||
EFI_STATUS
|
||||
CheckEKUs(
|
||||
IN CONST X509 *SignerCert,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
CheckEKUs (
|
||||
IN CONST X509 *SignerCert,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
ASN1_OBJECT *Asn1ToFind;
|
||||
UINT32 NumEkusFound;
|
||||
UINT32 Index;
|
||||
EFI_STATUS Status;
|
||||
ASN1_OBJECT *Asn1ToFind;
|
||||
UINT32 NumEkusFound;
|
||||
UINT32 Index;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
Asn1ToFind = NULL;
|
||||
NumEkusFound = 0;
|
||||
|
||||
if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) {
|
||||
if ((SignerCert == NULL) || (RequiredEKUs == NULL) || (RequiredEKUsSize == 0)) {
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
goto Exit;
|
||||
}
|
||||
@@ -282,7 +282,7 @@ CheckEKUs(
|
||||
// Finding required EKU in cert.
|
||||
//
|
||||
if (Asn1ToFind != NULL) {
|
||||
ASN1_OBJECT_free(Asn1ToFind);
|
||||
ASN1_OBJECT_free (Asn1ToFind);
|
||||
Asn1ToFind = NULL;
|
||||
}
|
||||
|
||||
@@ -314,11 +314,12 @@ CheckEKUs(
|
||||
Exit:
|
||||
|
||||
if (Asn1ToFind != NULL) {
|
||||
ASN1_OBJECT_free(Asn1ToFind);
|
||||
ASN1_OBJECT_free (Asn1ToFind);
|
||||
}
|
||||
|
||||
if (RequireAllPresent &&
|
||||
NumEkusFound == RequiredEKUsSize) {
|
||||
(NumEkusFound == RequiredEKUsSize))
|
||||
{
|
||||
//
|
||||
// Found all required EKUs in certificate.
|
||||
//
|
||||
@@ -361,43 +362,45 @@ Exit:
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
VerifyEKUsInPkcs7Signature (
|
||||
IN CONST UINT8 *Pkcs7Signature,
|
||||
IN CONST UINT32 SignatureSize,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
IN CONST UINT8 *Pkcs7Signature,
|
||||
IN CONST UINT32 SignatureSize,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
PKCS7 *Pkcs7;
|
||||
STACK_OF(X509) *CertChain;
|
||||
INT32 SignatureType;
|
||||
INT32 NumberCertsInSignature;
|
||||
X509 *SignerCert;
|
||||
UINT8 *SignedData;
|
||||
UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN IsWrapped;
|
||||
BOOLEAN Ok;
|
||||
EFI_STATUS Status;
|
||||
PKCS7 *Pkcs7;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
Pkcs7 = NULL;
|
||||
CertChain = NULL;
|
||||
SignatureType = 0;
|
||||
NumberCertsInSignature = 0;
|
||||
SignerCert = NULL;
|
||||
SignedData = NULL;
|
||||
SignedDataSize = 0;
|
||||
IsWrapped = FALSE;
|
||||
Ok = FALSE;
|
||||
STACK_OF (X509) *CertChain;
|
||||
INT32 SignatureType;
|
||||
INT32 NumberCertsInSignature;
|
||||
X509 *SignerCert;
|
||||
UINT8 *SignedData;
|
||||
UINT8 *Temp;
|
||||
UINTN SignedDataSize;
|
||||
BOOLEAN IsWrapped;
|
||||
BOOLEAN Ok;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
Pkcs7 = NULL;
|
||||
CertChain = NULL;
|
||||
SignatureType = 0;
|
||||
NumberCertsInSignature = 0;
|
||||
SignerCert = NULL;
|
||||
SignedData = NULL;
|
||||
SignedDataSize = 0;
|
||||
IsWrapped = FALSE;
|
||||
Ok = FALSE;
|
||||
|
||||
//
|
||||
//Validate the input parameters.
|
||||
// Validate the input parameters.
|
||||
//
|
||||
if (Pkcs7Signature == NULL ||
|
||||
SignatureSize == 0 ||
|
||||
RequiredEKUs == NULL ||
|
||||
RequiredEKUsSize == 0) {
|
||||
if ((Pkcs7Signature == NULL) ||
|
||||
(SignatureSize == 0) ||
|
||||
(RequiredEKUs == NULL) ||
|
||||
(RequiredEKUsSize == 0))
|
||||
{
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
goto Exit;
|
||||
}
|
||||
@@ -409,11 +412,13 @@ VerifyEKUsInPkcs7Signature (
|
||||
//
|
||||
// Wrap the PKCS7 data if needed.
|
||||
//
|
||||
Ok = WrapPkcs7Data (Pkcs7Signature,
|
||||
SignatureSize,
|
||||
&IsWrapped,
|
||||
&SignedData,
|
||||
&SignedDataSize);
|
||||
Ok = WrapPkcs7Data (
|
||||
Pkcs7Signature,
|
||||
SignatureSize,
|
||||
&IsWrapped,
|
||||
&SignedData,
|
||||
&SignedDataSize
|
||||
);
|
||||
if (!Ok) {
|
||||
//
|
||||
// Fail to Wrap the PKCS7 data.
|
||||
@@ -441,18 +446,20 @@ VerifyEKUsInPkcs7Signature (
|
||||
//
|
||||
SignatureType = OBJ_obj2nid (Pkcs7->type);
|
||||
switch (SignatureType) {
|
||||
case NID_pkcs7_signed:
|
||||
if (Pkcs7->d.sign != NULL) {
|
||||
CertChain = Pkcs7->d.sign->cert;
|
||||
}
|
||||
break;
|
||||
case NID_pkcs7_signedAndEnveloped:
|
||||
if (Pkcs7->d.signed_and_enveloped != NULL) {
|
||||
CertChain = Pkcs7->d.signed_and_enveloped->cert;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
case NID_pkcs7_signed:
|
||||
if (Pkcs7->d.sign != NULL) {
|
||||
CertChain = Pkcs7->d.sign->cert;
|
||||
}
|
||||
|
||||
break;
|
||||
case NID_pkcs7_signedAndEnveloped:
|
||||
if (Pkcs7->d.signed_and_enveloped != NULL) {
|
||||
CertChain = Pkcs7->d.signed_and_enveloped->cert;
|
||||
}
|
||||
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
//
|
||||
@@ -483,7 +490,7 @@ VerifyEKUsInPkcs7Signature (
|
||||
// Get the leaf signer.
|
||||
//
|
||||
Status = GetSignerCertificate (Pkcs7, &SignerCert);
|
||||
if (Status != EFI_SUCCESS || SignerCert == NULL) {
|
||||
if ((Status != EFI_SUCCESS) || (SignerCert == NULL)) {
|
||||
//
|
||||
// Fail to get the end-entity leaf signer certificate.
|
||||
//
|
||||
@@ -514,4 +521,3 @@ Exit:
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
@@ -44,14 +44,13 @@
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
VerifyEKUsInPkcs7Signature (
|
||||
IN CONST UINT8 *Pkcs7Signature,
|
||||
IN CONST UINT32 SignatureSize,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
IN CONST UINT8 *Pkcs7Signature,
|
||||
IN CONST UINT32 SignatureSize,
|
||||
IN CONST CHAR8 *RequiredEKUs[],
|
||||
IN CONST UINT32 RequiredEKUsSize,
|
||||
IN BOOLEAN RequireAllPresent
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
return RETURN_UNSUPPORTED;
|
||||
}
|
||||
|
||||
|
@@ -57,7 +57,7 @@ Pkcs7GetSigners (
|
||||
VOID
|
||||
EFIAPI
|
||||
Pkcs7FreeSigners (
|
||||
IN UINT8 *Certs
|
||||
IN UINT8 *Certs
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
|
@@ -36,4 +36,3 @@ Pkcs7GetAttachedContent (
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@@ -34,7 +34,7 @@ RsaNew (
|
||||
//
|
||||
// Allocates & Initializes RSA Context by OpenSSL RSA_new()
|
||||
//
|
||||
return (VOID *) RSA_new ();
|
||||
return (VOID *)RSA_new ();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -52,7 +52,7 @@ RsaFree (
|
||||
//
|
||||
// Free OpenSSL RSA Context
|
||||
//
|
||||
RSA_free ((RSA *) RsaContext);
|
||||
RSA_free ((RSA *)RsaContext);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -99,7 +99,7 @@ RsaSetKey (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || BnSize > INT_MAX) {
|
||||
if ((RsaContext == NULL) || (BnSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -115,7 +115,7 @@ RsaSetKey (
|
||||
//
|
||||
// Retrieve the components from RSA object.
|
||||
//
|
||||
RsaKey = (RSA *) RsaContext;
|
||||
RsaKey = (RSA *)RsaContext;
|
||||
RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);
|
||||
RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);
|
||||
RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);
|
||||
@@ -126,118 +126,127 @@ RsaSetKey (
|
||||
// (N, e) are needed.
|
||||
//
|
||||
switch (KeyTag) {
|
||||
|
||||
//
|
||||
// RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
|
||||
//
|
||||
case RsaKeyN:
|
||||
case RsaKeyE:
|
||||
case RsaKeyD:
|
||||
if (BnN == NULL) {
|
||||
BnN = BN_new ();
|
||||
}
|
||||
if (BnE == NULL) {
|
||||
BnE = BN_new ();
|
||||
}
|
||||
if (BnD == NULL) {
|
||||
BnD = BN_new ();
|
||||
}
|
||||
|
||||
if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
switch (KeyTag) {
|
||||
//
|
||||
// RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
|
||||
//
|
||||
case RsaKeyN:
|
||||
BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);
|
||||
break;
|
||||
case RsaKeyE:
|
||||
BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);
|
||||
break;
|
||||
case RsaKeyD:
|
||||
BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);
|
||||
if (BnN == NULL) {
|
||||
BnN = BN_new ();
|
||||
}
|
||||
|
||||
if (BnE == NULL) {
|
||||
BnE = BN_new ();
|
||||
}
|
||||
|
||||
if (BnD == NULL) {
|
||||
BnD = BN_new ();
|
||||
}
|
||||
|
||||
if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
switch (KeyTag) {
|
||||
case RsaKeyN:
|
||||
BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);
|
||||
break;
|
||||
case RsaKeyE:
|
||||
BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);
|
||||
break;
|
||||
case RsaKeyD:
|
||||
BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modulus (p and q)
|
||||
//
|
||||
case RsaKeyP:
|
||||
case RsaKeyQ:
|
||||
if (BnP == NULL) {
|
||||
BnP = BN_new ();
|
||||
}
|
||||
if (BnQ == NULL) {
|
||||
BnQ = BN_new ();
|
||||
}
|
||||
if ((BnP == NULL) || (BnQ == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
switch (KeyTag) {
|
||||
//
|
||||
// RSA Secret Prime Factor of Modulus (p and q)
|
||||
//
|
||||
case RsaKeyP:
|
||||
BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);
|
||||
break;
|
||||
case RsaKeyQ:
|
||||
BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);
|
||||
if (BnP == NULL) {
|
||||
BnP = BN_new ();
|
||||
}
|
||||
|
||||
if (BnQ == NULL) {
|
||||
BnQ = BN_new ();
|
||||
}
|
||||
|
||||
if ((BnP == NULL) || (BnQ == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
switch (KeyTag) {
|
||||
case RsaKeyP:
|
||||
BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);
|
||||
break;
|
||||
case RsaKeyQ:
|
||||
BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
//
|
||||
// p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),
|
||||
// and CRT Coefficient (== 1/q mod p)
|
||||
//
|
||||
case RsaKeyDp:
|
||||
case RsaKeyDq:
|
||||
case RsaKeyQInv:
|
||||
if (BnDp == NULL) {
|
||||
BnDp = BN_new ();
|
||||
}
|
||||
if (BnDq == NULL) {
|
||||
BnDq = BN_new ();
|
||||
}
|
||||
if (BnQInv == NULL) {
|
||||
BnQInv = BN_new ();
|
||||
}
|
||||
if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
switch (KeyTag) {
|
||||
//
|
||||
// p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),
|
||||
// and CRT Coefficient (== 1/q mod p)
|
||||
//
|
||||
case RsaKeyDp:
|
||||
BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);
|
||||
break;
|
||||
case RsaKeyDq:
|
||||
BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);
|
||||
break;
|
||||
case RsaKeyQInv:
|
||||
BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);
|
||||
if (BnDp == NULL) {
|
||||
BnDp = BN_new ();
|
||||
}
|
||||
|
||||
if (BnDq == NULL) {
|
||||
BnDq = BN_new ();
|
||||
}
|
||||
|
||||
if (BnQInv == NULL) {
|
||||
BnQInv = BN_new ();
|
||||
}
|
||||
|
||||
if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
switch (KeyTag) {
|
||||
case RsaKeyDp:
|
||||
BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);
|
||||
break;
|
||||
case RsaKeyDq:
|
||||
BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);
|
||||
break;
|
||||
case RsaKeyQInv:
|
||||
BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
@@ -272,17 +281,17 @@ RsaPkcs1Verify (
|
||||
IN UINTN SigSize
|
||||
)
|
||||
{
|
||||
INT32 DigestType;
|
||||
UINT8 *SigBuf;
|
||||
INT32 DigestType;
|
||||
UINT8 *SigBuf;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
|
||||
if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (SigSize > INT_MAX || SigSize == 0) {
|
||||
if ((SigSize > INT_MAX) || (SigSize == 0)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -291,37 +300,37 @@ RsaPkcs1Verify (
|
||||
// Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
|
||||
//
|
||||
switch (HashSize) {
|
||||
case MD5_DIGEST_SIZE:
|
||||
DigestType = NID_md5;
|
||||
break;
|
||||
case MD5_DIGEST_SIZE:
|
||||
DigestType = NID_md5;
|
||||
break;
|
||||
|
||||
case SHA1_DIGEST_SIZE:
|
||||
DigestType = NID_sha1;
|
||||
break;
|
||||
case SHA1_DIGEST_SIZE:
|
||||
DigestType = NID_sha1;
|
||||
break;
|
||||
|
||||
case SHA256_DIGEST_SIZE:
|
||||
DigestType = NID_sha256;
|
||||
break;
|
||||
case SHA256_DIGEST_SIZE:
|
||||
DigestType = NID_sha256;
|
||||
break;
|
||||
|
||||
case SHA384_DIGEST_SIZE:
|
||||
DigestType = NID_sha384;
|
||||
break;
|
||||
case SHA384_DIGEST_SIZE:
|
||||
DigestType = NID_sha384;
|
||||
break;
|
||||
|
||||
case SHA512_DIGEST_SIZE:
|
||||
DigestType = NID_sha512;
|
||||
break;
|
||||
case SHA512_DIGEST_SIZE:
|
||||
DigestType = NID_sha512;
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
SigBuf = (UINT8 *) Signature;
|
||||
return (BOOLEAN) RSA_verify (
|
||||
DigestType,
|
||||
MessageHash,
|
||||
(UINT32) HashSize,
|
||||
SigBuf,
|
||||
(UINT32) SigSize,
|
||||
(RSA *) RsaContext
|
||||
);
|
||||
SigBuf = (UINT8 *)Signature;
|
||||
return (BOOLEAN)RSA_verify (
|
||||
DigestType,
|
||||
MessageHash,
|
||||
(UINT32)HashSize,
|
||||
SigBuf,
|
||||
(UINT32)SigSize,
|
||||
(RSA *)RsaContext
|
||||
);
|
||||
}
|
||||
|
@@ -54,82 +54,81 @@ RsaGetKey (
|
||||
IN OUT UINTN *BnSize
|
||||
)
|
||||
{
|
||||
RSA *RsaKey;
|
||||
BIGNUM *BnKey;
|
||||
UINTN Size;
|
||||
RSA *RsaKey;
|
||||
BIGNUM *BnKey;
|
||||
UINTN Size;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || BnSize == NULL) {
|
||||
if ((RsaContext == NULL) || (BnSize == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
RsaKey = (RSA *) RsaContext;
|
||||
RsaKey = (RSA *)RsaContext;
|
||||
Size = *BnSize;
|
||||
*BnSize = 0;
|
||||
BnKey = NULL;
|
||||
|
||||
switch (KeyTag) {
|
||||
//
|
||||
// RSA Public Modulus (N)
|
||||
//
|
||||
case RsaKeyN:
|
||||
RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Public Modulus (N)
|
||||
//
|
||||
case RsaKeyN:
|
||||
RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
|
||||
break;
|
||||
//
|
||||
// RSA Public Exponent (e)
|
||||
//
|
||||
case RsaKeyE:
|
||||
RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Public Exponent (e)
|
||||
//
|
||||
case RsaKeyE:
|
||||
RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
|
||||
break;
|
||||
//
|
||||
// RSA Private Exponent (d)
|
||||
//
|
||||
case RsaKeyD:
|
||||
RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Private Exponent (d)
|
||||
//
|
||||
case RsaKeyD:
|
||||
RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
|
||||
break;
|
||||
//
|
||||
// RSA Secret Prime Factor of Modulus (p)
|
||||
//
|
||||
case RsaKeyP:
|
||||
RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modulus (p)
|
||||
//
|
||||
case RsaKeyP:
|
||||
RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
|
||||
break;
|
||||
//
|
||||
// RSA Secret Prime Factor of Modules (q)
|
||||
//
|
||||
case RsaKeyQ:
|
||||
RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
|
||||
break;
|
||||
|
||||
//
|
||||
// RSA Secret Prime Factor of Modules (q)
|
||||
//
|
||||
case RsaKeyQ:
|
||||
RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
|
||||
break;
|
||||
//
|
||||
// p's CRT Exponent (== d mod (p - 1))
|
||||
//
|
||||
case RsaKeyDp:
|
||||
RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
|
||||
break;
|
||||
|
||||
//
|
||||
// p's CRT Exponent (== d mod (p - 1))
|
||||
//
|
||||
case RsaKeyDp:
|
||||
RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
|
||||
break;
|
||||
//
|
||||
// q's CRT Exponent (== d mod (q - 1))
|
||||
//
|
||||
case RsaKeyDq:
|
||||
RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
|
||||
break;
|
||||
|
||||
//
|
||||
// q's CRT Exponent (== d mod (q - 1))
|
||||
//
|
||||
case RsaKeyDq:
|
||||
RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
|
||||
break;
|
||||
//
|
||||
// The CRT Coefficient (== 1/q mod p)
|
||||
//
|
||||
case RsaKeyQInv:
|
||||
RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
|
||||
break;
|
||||
|
||||
//
|
||||
// The CRT Coefficient (== 1/q mod p)
|
||||
//
|
||||
case RsaKeyQInv:
|
||||
RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (BnKey == NULL) {
|
||||
@@ -148,7 +147,8 @@ RsaGetKey (
|
||||
*BnSize = Size;
|
||||
return TRUE;
|
||||
}
|
||||
*BnSize = BN_bn2bin (BnKey, BigNumber) ;
|
||||
|
||||
*BnSize = BN_bn2bin (BnKey, BigNumber);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
@@ -189,7 +189,7 @@ RsaGenerateKey (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
|
||||
if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -205,13 +205,13 @@ RsaGenerateKey (
|
||||
goto _Exit;
|
||||
}
|
||||
} else {
|
||||
if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
|
||||
if (BN_bin2bn (PublicExponent, (UINT32)PublicExponentSize, KeyE) == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
}
|
||||
|
||||
if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
|
||||
RetVal = TRUE;
|
||||
if (RSA_generate_key_ex ((RSA *)RsaContext, (UINT32)ModulusLength, KeyE, NULL) == 1) {
|
||||
RetVal = TRUE;
|
||||
}
|
||||
|
||||
_Exit:
|
||||
@@ -253,12 +253,13 @@ RsaCheckKey (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (RSA_check_key ((RSA *) RsaContext) != 1) {
|
||||
if (RSA_check_key ((RSA *)RsaContext) != 1) {
|
||||
Reason = ERR_GET_REASON (ERR_peek_last_error ());
|
||||
if (Reason == RSA_R_P_NOT_PRIME ||
|
||||
Reason == RSA_R_Q_NOT_PRIME ||
|
||||
Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
|
||||
Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
|
||||
if ((Reason == RSA_R_P_NOT_PRIME) ||
|
||||
(Reason == RSA_R_Q_NOT_PRIME) ||
|
||||
(Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q) ||
|
||||
(Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
@@ -301,18 +302,18 @@ RsaPkcs1Sign (
|
||||
IN OUT UINTN *SigSize
|
||||
)
|
||||
{
|
||||
RSA *Rsa;
|
||||
UINTN Size;
|
||||
INT32 DigestType;
|
||||
RSA *Rsa;
|
||||
UINTN Size;
|
||||
INT32 DigestType;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (RsaContext == NULL || MessageHash == NULL) {
|
||||
if ((RsaContext == NULL) || (MessageHash == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Rsa = (RSA *) RsaContext;
|
||||
Rsa = (RSA *)RsaContext;
|
||||
Size = RSA_size (Rsa);
|
||||
|
||||
if (*SigSize < Size) {
|
||||
@@ -329,36 +330,36 @@ RsaPkcs1Sign (
|
||||
// Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
|
||||
//
|
||||
switch (HashSize) {
|
||||
case MD5_DIGEST_SIZE:
|
||||
DigestType = NID_md5;
|
||||
break;
|
||||
case MD5_DIGEST_SIZE:
|
||||
DigestType = NID_md5;
|
||||
break;
|
||||
|
||||
case SHA1_DIGEST_SIZE:
|
||||
DigestType = NID_sha1;
|
||||
break;
|
||||
case SHA1_DIGEST_SIZE:
|
||||
DigestType = NID_sha1;
|
||||
break;
|
||||
|
||||
case SHA256_DIGEST_SIZE:
|
||||
DigestType = NID_sha256;
|
||||
break;
|
||||
case SHA256_DIGEST_SIZE:
|
||||
DigestType = NID_sha256;
|
||||
break;
|
||||
|
||||
case SHA384_DIGEST_SIZE:
|
||||
DigestType = NID_sha384;
|
||||
break;
|
||||
case SHA384_DIGEST_SIZE:
|
||||
DigestType = NID_sha384;
|
||||
break;
|
||||
|
||||
case SHA512_DIGEST_SIZE:
|
||||
DigestType = NID_sha512;
|
||||
break;
|
||||
case SHA512_DIGEST_SIZE:
|
||||
DigestType = NID_sha512;
|
||||
break;
|
||||
|
||||
default:
|
||||
return FALSE;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return (BOOLEAN) RSA_sign (
|
||||
DigestType,
|
||||
MessageHash,
|
||||
(UINT32) HashSize,
|
||||
Signature,
|
||||
(UINT32 *) SigSize,
|
||||
(RSA *) RsaContext
|
||||
);
|
||||
return (BOOLEAN)RSA_sign (
|
||||
DigestType,
|
||||
MessageHash,
|
||||
(UINT32)HashSize,
|
||||
Signature,
|
||||
(UINT32 *)SigSize,
|
||||
(RSA *)RsaContext
|
||||
);
|
||||
}
|
||||
|
@@ -115,5 +115,3 @@ RsaPkcs1Sign (
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
|
@@ -16,7 +16,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
||||
/**
|
||||
Retrieve a pointer to EVP message digest object.
|
||||
|
||||
@@ -25,27 +24,26 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
**/
|
||||
STATIC
|
||||
const
|
||||
EVP_MD*
|
||||
EVP_MD *
|
||||
GetEvpMD (
|
||||
IN UINT16 DigestLen
|
||||
IN UINT16 DigestLen
|
||||
)
|
||||
{
|
||||
switch (DigestLen){
|
||||
switch (DigestLen) {
|
||||
case SHA256_DIGEST_SIZE:
|
||||
return EVP_sha256();
|
||||
return EVP_sha256 ();
|
||||
break;
|
||||
case SHA384_DIGEST_SIZE:
|
||||
return EVP_sha384();
|
||||
return EVP_sha384 ();
|
||||
break;
|
||||
case SHA512_DIGEST_SIZE:
|
||||
return EVP_sha512();
|
||||
return EVP_sha512 ();
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
|
||||
Implementation determines salt length automatically from the signature encoding.
|
||||
@@ -76,76 +74,84 @@ RsaPssVerify (
|
||||
IN UINT16 SaltLen
|
||||
)
|
||||
{
|
||||
BOOLEAN Result;
|
||||
EVP_PKEY *EvpRsaKey;
|
||||
EVP_MD_CTX *EvpVerifyCtx;
|
||||
EVP_PKEY_CTX *KeyCtx;
|
||||
BOOLEAN Result;
|
||||
EVP_PKEY *EvpRsaKey;
|
||||
EVP_MD_CTX *EvpVerifyCtx;
|
||||
EVP_PKEY_CTX *KeyCtx;
|
||||
CONST EVP_MD *HashAlg;
|
||||
|
||||
Result = FALSE;
|
||||
EvpRsaKey = NULL;
|
||||
Result = FALSE;
|
||||
EvpRsaKey = NULL;
|
||||
EvpVerifyCtx = NULL;
|
||||
KeyCtx = NULL;
|
||||
HashAlg = NULL;
|
||||
KeyCtx = NULL;
|
||||
HashAlg = NULL;
|
||||
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Message == NULL || MsgSize == 0 || MsgSize > INT_MAX) {
|
||||
|
||||
if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Signature == NULL || SigSize == 0 || SigSize > INT_MAX) {
|
||||
|
||||
if ((Signature == NULL) || (SigSize == 0) || (SigSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (SaltLen != DigestLen) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
HashAlg = GetEvpMD(DigestLen);
|
||||
HashAlg = GetEvpMD (DigestLen);
|
||||
|
||||
if (HashAlg == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
EvpRsaKey = EVP_PKEY_new();
|
||||
EvpRsaKey = EVP_PKEY_new ();
|
||||
if (EvpRsaKey == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
EVP_PKEY_set1_RSA(EvpRsaKey, RsaContext);
|
||||
EVP_PKEY_set1_RSA (EvpRsaKey, RsaContext);
|
||||
|
||||
EvpVerifyCtx = EVP_MD_CTX_create();
|
||||
EvpVerifyCtx = EVP_MD_CTX_create ();
|
||||
if (EvpVerifyCtx == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Result = EVP_DigestVerifyInit(EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
|
||||
Result = EVP_DigestVerifyInit (EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
|
||||
if (KeyCtx == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_padding(KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_pss_saltlen(KeyCtx, SaltLen) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_mgf1_md(KeyCtx, HashAlg) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_DigestVerifyUpdate(EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_DigestVerifyFinal(EvpVerifyCtx, Signature, (UINT32)SigSize) > 0;
|
||||
Result = EVP_PKEY_CTX_set_rsa_padding (KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
|
||||
}
|
||||
|
||||
_Exit :
|
||||
if (EvpRsaKey != NULL) {
|
||||
EVP_PKEY_free(EvpRsaKey);
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx, SaltLen) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx, HashAlg) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_DigestVerifyUpdate (EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_DigestVerifyFinal (EvpVerifyCtx, Signature, (UINT32)SigSize) > 0;
|
||||
}
|
||||
|
||||
_Exit:
|
||||
if (EvpRsaKey != NULL) {
|
||||
EVP_PKEY_free (EvpRsaKey);
|
||||
}
|
||||
|
||||
if (EvpVerifyCtx != NULL) {
|
||||
EVP_MD_CTX_destroy(EvpVerifyCtx);
|
||||
EVP_MD_CTX_destroy (EvpVerifyCtx);
|
||||
}
|
||||
|
||||
return Result;
|
||||
|
@@ -16,7 +16,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
||||
/**
|
||||
Retrieve a pointer to EVP message digest object.
|
||||
|
||||
@@ -25,27 +24,26 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
**/
|
||||
STATIC
|
||||
const
|
||||
EVP_MD*
|
||||
EVP_MD *
|
||||
GetEvpMD (
|
||||
IN UINT16 DigestLen
|
||||
IN UINT16 DigestLen
|
||||
)
|
||||
{
|
||||
switch (DigestLen){
|
||||
switch (DigestLen) {
|
||||
case SHA256_DIGEST_SIZE:
|
||||
return EVP_sha256();
|
||||
return EVP_sha256 ();
|
||||
break;
|
||||
case SHA384_DIGEST_SIZE:
|
||||
return EVP_sha384();
|
||||
return EVP_sha384 ();
|
||||
break;
|
||||
case SHA512_DIGEST_SIZE:
|
||||
return EVP_sha512();
|
||||
return EVP_sha512 ();
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme.
|
||||
|
||||
@@ -90,23 +88,24 @@ RsaPssSign (
|
||||
IN OUT UINTN *SigSize
|
||||
)
|
||||
{
|
||||
BOOLEAN Result;
|
||||
UINTN RsaSigSize;
|
||||
EVP_PKEY *EvpRsaKey;
|
||||
EVP_MD_CTX *EvpVerifyCtx;
|
||||
EVP_PKEY_CTX *KeyCtx;
|
||||
CONST EVP_MD *HashAlg;
|
||||
BOOLEAN Result;
|
||||
UINTN RsaSigSize;
|
||||
EVP_PKEY *EvpRsaKey;
|
||||
EVP_MD_CTX *EvpVerifyCtx;
|
||||
EVP_PKEY_CTX *KeyCtx;
|
||||
CONST EVP_MD *HashAlg;
|
||||
|
||||
Result = FALSE;
|
||||
EvpRsaKey = NULL;
|
||||
Result = FALSE;
|
||||
EvpRsaKey = NULL;
|
||||
EvpVerifyCtx = NULL;
|
||||
KeyCtx = NULL;
|
||||
HashAlg = NULL;
|
||||
KeyCtx = NULL;
|
||||
HashAlg = NULL;
|
||||
|
||||
if (RsaContext == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
if (Message == NULL || MsgSize == 0 || MsgSize > INT_MAX) {
|
||||
|
||||
if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -124,51 +123,56 @@ RsaPssSign (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
HashAlg = GetEvpMD(DigestLen);
|
||||
HashAlg = GetEvpMD (DigestLen);
|
||||
|
||||
if (HashAlg == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
EvpRsaKey = EVP_PKEY_new();
|
||||
EvpRsaKey = EVP_PKEY_new ();
|
||||
if (EvpRsaKey == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
EVP_PKEY_set1_RSA(EvpRsaKey, RsaContext);
|
||||
EVP_PKEY_set1_RSA (EvpRsaKey, RsaContext);
|
||||
|
||||
EvpVerifyCtx = EVP_MD_CTX_create();
|
||||
EvpVerifyCtx = EVP_MD_CTX_create ();
|
||||
if (EvpVerifyCtx == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Result = EVP_DigestSignInit(EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
|
||||
Result = EVP_DigestSignInit (EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
|
||||
if (KeyCtx == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_padding(KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_pss_saltlen(KeyCtx, SaltLen) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_mgf1_md(KeyCtx, HashAlg) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_DigestSignUpdate(EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
|
||||
}
|
||||
if (Result) {
|
||||
Result = EVP_DigestSignFinal(EvpVerifyCtx, Signature, SigSize) > 0;
|
||||
Result = EVP_PKEY_CTX_set_rsa_padding (KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
|
||||
}
|
||||
|
||||
_Exit :
|
||||
if (EvpRsaKey != NULL) {
|
||||
EVP_PKEY_free(EvpRsaKey);
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx, SaltLen) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx, HashAlg) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_DigestSignUpdate (EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
|
||||
}
|
||||
|
||||
if (Result) {
|
||||
Result = EVP_DigestSignFinal (EvpVerifyCtx, Signature, SigSize) > 0;
|
||||
}
|
||||
|
||||
_Exit:
|
||||
if (EvpRsaKey != NULL) {
|
||||
EVP_PKEY_free (EvpRsaKey);
|
||||
}
|
||||
|
||||
if (EvpVerifyCtx != NULL) {
|
||||
EVP_MD_CTX_destroy(EvpVerifyCtx);
|
||||
EVP_MD_CTX_destroy (EvpVerifyCtx);
|
||||
}
|
||||
|
||||
return Result;
|
||||
|
@@ -21,9 +21,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
//
|
||||
// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1")
|
||||
//
|
||||
UINT8 mSpcRFC3161OidValue[] = {
|
||||
UINT8 mSpcRFC3161OidValue[] = {
|
||||
0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
|
||||
};
|
||||
};
|
||||
|
||||
///
|
||||
/// The messageImprint field SHOULD contain the hash of the datum to be
|
||||
@@ -36,8 +36,8 @@ UINT8 mSpcRFC3161OidValue[] = {
|
||||
/// hashedMessage OCTET STRING }
|
||||
///
|
||||
typedef struct {
|
||||
X509_ALGOR *HashAlgorithm;
|
||||
ASN1_OCTET_STRING *HashedMessage;
|
||||
X509_ALGOR *HashAlgorithm;
|
||||
ASN1_OCTET_STRING *HashedMessage;
|
||||
} TS_MESSAGE_IMPRINT;
|
||||
|
||||
//
|
||||
@@ -60,9 +60,9 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_MESSAGE_IMPRINT)
|
||||
/// micros [1] INTEGER (1..999) OPTIONAL }
|
||||
///
|
||||
typedef struct {
|
||||
ASN1_INTEGER *Seconds;
|
||||
ASN1_INTEGER *Millis;
|
||||
ASN1_INTEGER *Micros;
|
||||
ASN1_INTEGER *Seconds;
|
||||
ASN1_INTEGER *Millis;
|
||||
ASN1_INTEGER *Micros;
|
||||
} TS_ACCURACY;
|
||||
|
||||
//
|
||||
@@ -70,7 +70,7 @@ typedef struct {
|
||||
//
|
||||
DECLARE_ASN1_FUNCTIONS (TS_ACCURACY)
|
||||
ASN1_SEQUENCE (TS_ACCURACY) = {
|
||||
ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
|
||||
ASN1_OPT (TS_ACCURACY, Seconds, ASN1_INTEGER),
|
||||
ASN1_IMP_OPT (TS_ACCURACY, Millis, ASN1_INTEGER, 0),
|
||||
ASN1_IMP_OPT (TS_ACCURACY, Micros, ASN1_INTEGER, 1)
|
||||
} ASN1_SEQUENCE_END (TS_ACCURACY)
|
||||
@@ -99,16 +99,16 @@ IMPLEMENT_ASN1_FUNCTIONS (TS_ACCURACY)
|
||||
/// extensions [1] IMPLICIT Extensions OPTIONAL }
|
||||
///
|
||||
typedef struct {
|
||||
ASN1_INTEGER *Version;
|
||||
ASN1_OBJECT *Policy;
|
||||
TS_MESSAGE_IMPRINT *MessageImprint;
|
||||
ASN1_INTEGER *SerialNumber;
|
||||
ASN1_GENERALIZEDTIME *GenTime;
|
||||
TS_ACCURACY *Accuracy;
|
||||
ASN1_BOOLEAN Ordering;
|
||||
ASN1_INTEGER *Nonce;
|
||||
GENERAL_NAME *Tsa;
|
||||
STACK_OF(X509_EXTENSION) *Extensions;
|
||||
ASN1_INTEGER *Version;
|
||||
ASN1_OBJECT *Policy;
|
||||
TS_MESSAGE_IMPRINT *MessageImprint;
|
||||
ASN1_INTEGER *SerialNumber;
|
||||
ASN1_GENERALIZEDTIME *GenTime;
|
||||
TS_ACCURACY *Accuracy;
|
||||
ASN1_BOOLEAN Ordering;
|
||||
ASN1_INTEGER *Nonce;
|
||||
GENERAL_NAME *Tsa;
|
||||
STACK_OF (X509_EXTENSION) *Extensions;
|
||||
} TS_TST_INFO;
|
||||
|
||||
//
|
||||
@@ -116,20 +116,19 @@ typedef struct {
|
||||
//
|
||||
DECLARE_ASN1_FUNCTIONS (TS_TST_INFO)
|
||||
ASN1_SEQUENCE (TS_TST_INFO) = {
|
||||
ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
|
||||
ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
|
||||
ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
|
||||
ASN1_SIMPLE (TS_TST_INFO, SerialNumber, ASN1_INTEGER),
|
||||
ASN1_SIMPLE (TS_TST_INFO, GenTime, ASN1_GENERALIZEDTIME),
|
||||
ASN1_OPT (TS_TST_INFO, Accuracy, TS_ACCURACY),
|
||||
ASN1_OPT (TS_TST_INFO, Ordering, ASN1_FBOOLEAN),
|
||||
ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
|
||||
ASN1_EXP_OPT(TS_TST_INFO, Tsa, GENERAL_NAME, 0),
|
||||
ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
|
||||
ASN1_SIMPLE (TS_TST_INFO, Version, ASN1_INTEGER),
|
||||
ASN1_SIMPLE (TS_TST_INFO, Policy, ASN1_OBJECT),
|
||||
ASN1_SIMPLE (TS_TST_INFO, MessageImprint, TS_MESSAGE_IMPRINT),
|
||||
ASN1_SIMPLE (TS_TST_INFO, SerialNumber, ASN1_INTEGER),
|
||||
ASN1_SIMPLE (TS_TST_INFO, GenTime, ASN1_GENERALIZEDTIME),
|
||||
ASN1_OPT (TS_TST_INFO, Accuracy, TS_ACCURACY),
|
||||
ASN1_OPT (TS_TST_INFO, Ordering, ASN1_FBOOLEAN),
|
||||
ASN1_OPT (TS_TST_INFO, Nonce, ASN1_INTEGER),
|
||||
ASN1_EXP_OPT (TS_TST_INFO, Tsa, GENERAL_NAME, 0),
|
||||
ASN1_IMP_SEQUENCE_OF_OPT (TS_TST_INFO, Extensions, X509_EXTENSION, 1)
|
||||
} ASN1_SEQUENCE_END (TS_TST_INFO)
|
||||
IMPLEMENT_ASN1_FUNCTIONS (TS_TST_INFO)
|
||||
|
||||
|
||||
/**
|
||||
Convert ASN.1 GeneralizedTime to EFI Time.
|
||||
|
||||
@@ -154,17 +153,19 @@ ConvertAsn1TimeToEfiTime (
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Str = (CONST CHAR8*)Asn1Time->data;
|
||||
Str = (CONST CHAR8 *)Asn1Time->data;
|
||||
SetMem (EfiTime, sizeof (EFI_TIME), 0);
|
||||
|
||||
Index = 0;
|
||||
if (Asn1Time->type == V_ASN1_UTCTIME) { /* two digit year */
|
||||
if (Asn1Time->type == V_ASN1_UTCTIME) {
|
||||
/* two digit year */
|
||||
EfiTime->Year = (Str[Index++] - '0') * 10;
|
||||
EfiTime->Year += (Str[Index++] - '0');
|
||||
if (EfiTime->Year < 70) {
|
||||
EfiTime->Year += 100;
|
||||
}
|
||||
} else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) { /* four digit year */
|
||||
} else if (Asn1Time->type == V_ASN1_GENERALIZEDTIME) {
|
||||
/* four digit year */
|
||||
EfiTime->Year = (Str[Index++] - '0') * 1000;
|
||||
EfiTime->Year += (Str[Index++] - '0') * 100;
|
||||
EfiTime->Year += (Str[Index++] - '0') * 10;
|
||||
@@ -174,20 +175,20 @@ ConvertAsn1TimeToEfiTime (
|
||||
}
|
||||
}
|
||||
|
||||
EfiTime->Month = (Str[Index++] - '0') * 10;
|
||||
EfiTime->Month += (Str[Index++] - '0');
|
||||
EfiTime->Month = (Str[Index++] - '0') * 10;
|
||||
EfiTime->Month += (Str[Index++] - '0');
|
||||
if ((EfiTime->Month < 1) || (EfiTime->Month > 12)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
EfiTime->Day = (Str[Index++] - '0') * 10;
|
||||
EfiTime->Day += (Str[Index++] - '0');
|
||||
EfiTime->Day = (Str[Index++] - '0') * 10;
|
||||
EfiTime->Day += (Str[Index++] - '0');
|
||||
if ((EfiTime->Day < 1) || (EfiTime->Day > 31)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
EfiTime->Hour = (Str[Index++] - '0') * 10;
|
||||
EfiTime->Hour += (Str[Index++] - '0');
|
||||
EfiTime->Hour = (Str[Index++] - '0') * 10;
|
||||
EfiTime->Hour += (Str[Index++] - '0');
|
||||
if (EfiTime->Hour > 23) {
|
||||
return FALSE;
|
||||
}
|
||||
@@ -275,22 +276,27 @@ CheckTSTInfo (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
MdSize = EVP_MD_size (Md);
|
||||
MdSize = EVP_MD_size (Md);
|
||||
HashedMsg = AllocateZeroPool (MdSize);
|
||||
if (HashedMsg == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
MdCtx = EVP_MD_CTX_new ();
|
||||
if (MdCtx == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||
|
||||
(EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||
|
||||
(EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {
|
||||
(EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1))
|
||||
{
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&
|
||||
(CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {
|
||||
(CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0))
|
||||
{
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
@@ -376,7 +382,8 @@ TimestampTokenVerify (
|
||||
// Check input parameters
|
||||
//
|
||||
if ((TSToken == NULL) || (TsaCert == NULL) || (TimestampedData == NULL) ||
|
||||
(TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX)) {
|
||||
(TokenSize > INT_MAX) || (CertSize > INT_MAX) || (DataSize > INT_MAX))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -386,6 +393,7 @@ TimestampTokenVerify (
|
||||
if (SigningTime != NULL) {
|
||||
SetMem (SigningTime, sizeof (EFI_TIME), 0);
|
||||
}
|
||||
|
||||
Pkcs7 = NULL;
|
||||
Cert = NULL;
|
||||
CertStore = NULL;
|
||||
@@ -397,7 +405,7 @@ TimestampTokenVerify (
|
||||
// TimeStamp Token should contain one valid DER-encoded ASN.1 PKCS#7 structure.
|
||||
//
|
||||
TokenTemp = TSToken;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &TokenTemp, (int) TokenSize);
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&TokenTemp, (int)TokenSize);
|
||||
if (Pkcs7 == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -413,7 +421,7 @@ TimestampTokenVerify (
|
||||
// Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate.
|
||||
//
|
||||
CertTemp = TsaCert;
|
||||
Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
|
||||
Cert = d2i_X509 (NULL, &CertTemp, (long)CertSize);
|
||||
if (Cert == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -430,8 +438,10 @@ TimestampTokenVerify (
|
||||
// Allow partial certificate chains, terminated by a non-self-signed but
|
||||
// still trusted intermediate certificate. Also disable time checks.
|
||||
//
|
||||
X509_STORE_set_flags (CertStore,
|
||||
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
|
||||
X509_STORE_set_flags (
|
||||
CertStore,
|
||||
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
|
||||
);
|
||||
|
||||
X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
|
||||
|
||||
@@ -442,6 +452,7 @@ TimestampTokenVerify (
|
||||
if (OutBio == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (!PKCS7_verify (Pkcs7, NULL, CertStore, NULL, OutBio, PKCS7_BINARY)) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -453,14 +464,18 @@ TimestampTokenVerify (
|
||||
if (TstData == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
TstSize = BIO_read (OutBio, (void *) TstData, 2048);
|
||||
|
||||
TstSize = BIO_read (OutBio, (void *)TstData, 2048);
|
||||
|
||||
//
|
||||
// Construct TS_TST_INFO structure from the signed contents.
|
||||
//
|
||||
TstTemp = TstData;
|
||||
TstInfo = d2i_TS_TST_INFO (NULL, (const unsigned char **) &TstTemp,
|
||||
(int)TstSize);
|
||||
TstInfo = d2i_TS_TST_INFO (
|
||||
NULL,
|
||||
(const unsigned char **)&TstTemp,
|
||||
(int)TstSize
|
||||
);
|
||||
if (TstInfo == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -527,19 +542,21 @@ ImageTimestampVerify (
|
||||
OUT EFI_TIME *SigningTime
|
||||
)
|
||||
{
|
||||
BOOLEAN Status;
|
||||
PKCS7 *Pkcs7;
|
||||
CONST UINT8 *Temp;
|
||||
STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos;
|
||||
PKCS7_SIGNER_INFO *SignInfo;
|
||||
UINTN Index;
|
||||
STACK_OF(X509_ATTRIBUTE) *Sk;
|
||||
X509_ATTRIBUTE *Xa;
|
||||
ASN1_OBJECT *XaObj;
|
||||
ASN1_TYPE *Asn1Type;
|
||||
ASN1_OCTET_STRING *EncDigest;
|
||||
UINT8 *TSToken;
|
||||
UINTN TokenSize;
|
||||
BOOLEAN Status;
|
||||
PKCS7 *Pkcs7;
|
||||
CONST UINT8 *Temp;
|
||||
|
||||
STACK_OF (PKCS7_SIGNER_INFO) *SignerInfos;
|
||||
PKCS7_SIGNER_INFO *SignInfo;
|
||||
UINTN Index;
|
||||
|
||||
STACK_OF (X509_ATTRIBUTE) *Sk;
|
||||
X509_ATTRIBUTE *Xa;
|
||||
ASN1_OBJECT *XaObj;
|
||||
ASN1_TYPE *Asn1Type;
|
||||
ASN1_OCTET_STRING *EncDigest;
|
||||
UINT8 *TSToken;
|
||||
UINTN TokenSize;
|
||||
|
||||
//
|
||||
// Input Parameters Checking.
|
||||
@@ -556,22 +573,23 @@ ImageTimestampVerify (
|
||||
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
|
||||
//
|
||||
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) == 0) ||
|
||||
(EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0) {
|
||||
(EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Initialization.
|
||||
//
|
||||
Status = FALSE;
|
||||
Pkcs7 = NULL;
|
||||
SignInfo = NULL;
|
||||
Status = FALSE;
|
||||
Pkcs7 = NULL;
|
||||
SignInfo = NULL;
|
||||
|
||||
//
|
||||
// Decode ASN.1-encoded Authenticode data into PKCS7 structure.
|
||||
//
|
||||
Temp = AuthData;
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize);
|
||||
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)DataSize);
|
||||
if (Pkcs7 == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -605,12 +623,13 @@ ImageTimestampVerify (
|
||||
// of SignerInfo.
|
||||
//
|
||||
Sk = SignInfo->unauth_attr;
|
||||
if (Sk == NULL) { // No timestamp counterSignature.
|
||||
if (Sk == NULL) {
|
||||
// No timestamp counterSignature.
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
Asn1Type = NULL;
|
||||
for (Index = 0; Index < (UINTN) sk_X509_ATTRIBUTE_num (Sk); Index++) {
|
||||
for (Index = 0; Index < (UINTN)sk_X509_ATTRIBUTE_num (Sk); Index++) {
|
||||
//
|
||||
// Search valid RFC3161 timestamp counterSignature based on OBJID.
|
||||
//
|
||||
@@ -618,21 +637,26 @@ ImageTimestampVerify (
|
||||
if (Xa == NULL) {
|
||||
continue;
|
||||
}
|
||||
XaObj = X509_ATTRIBUTE_get0_object(Xa);
|
||||
|
||||
XaObj = X509_ATTRIBUTE_get0_object (Xa);
|
||||
if (XaObj == NULL) {
|
||||
continue;
|
||||
}
|
||||
if ((OBJ_length(XaObj) != sizeof (mSpcRFC3161OidValue)) ||
|
||||
(CompareMem (OBJ_get0_data(XaObj), mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0)) {
|
||||
|
||||
if ((OBJ_length (XaObj) != sizeof (mSpcRFC3161OidValue)) ||
|
||||
(CompareMem (OBJ_get0_data (XaObj), mSpcRFC3161OidValue, sizeof (mSpcRFC3161OidValue)) != 0))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
Asn1Type = X509_ATTRIBUTE_get0_type(Xa, 0);
|
||||
|
||||
Asn1Type = X509_ATTRIBUTE_get0_type (Xa, 0);
|
||||
}
|
||||
|
||||
if (Asn1Type == NULL) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
TSToken = Asn1Type->value.octet_string->data;
|
||||
TokenSize = Asn1Type->value.octet_string->length;
|
||||
|
||||
|
@@ -38,7 +38,7 @@ X509ConstructCertificate (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Cert == NULL || SingleX509Cert == NULL || CertSize > INT_MAX) {
|
||||
if ((Cert == NULL) || (SingleX509Cert == NULL) || (CertSize > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -46,12 +46,12 @@ X509ConstructCertificate (
|
||||
// Read DER-encoded X509 Certificate and Construct X509 object.
|
||||
//
|
||||
Temp = Cert;
|
||||
X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
|
||||
X509Cert = d2i_X509 (NULL, &Temp, (long)CertSize);
|
||||
if (X509Cert == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*SingleX509Cert = (UINT8 *) X509Cert;
|
||||
*SingleX509Cert = (UINT8 *)X509Cert;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
@@ -82,12 +82,13 @@ X509ConstructCertificateStackV (
|
||||
IN VA_LIST Args
|
||||
)
|
||||
{
|
||||
UINT8 *Cert;
|
||||
UINTN CertSize;
|
||||
X509 *X509Cert;
|
||||
STACK_OF(X509) *CertStack;
|
||||
BOOLEAN Status;
|
||||
UINTN Index;
|
||||
UINT8 *Cert;
|
||||
UINTN CertSize;
|
||||
X509 *X509Cert;
|
||||
|
||||
STACK_OF (X509) *CertStack;
|
||||
BOOLEAN Status;
|
||||
UINTN Index;
|
||||
|
||||
//
|
||||
// Check input parameters.
|
||||
@@ -101,7 +102,7 @@ X509ConstructCertificateStackV (
|
||||
//
|
||||
// Initialize X509 stack object.
|
||||
//
|
||||
CertStack = (STACK_OF(X509) *) (*X509Stack);
|
||||
CertStack = (STACK_OF (X509) *)(*X509Stack);
|
||||
if (CertStack == NULL) {
|
||||
CertStack = sk_X509_new_null ();
|
||||
if (CertStack == NULL) {
|
||||
@@ -127,15 +128,16 @@ X509ConstructCertificateStackV (
|
||||
// Construct X509 Object from the given DER-encoded certificate data.
|
||||
//
|
||||
X509Cert = NULL;
|
||||
Status = X509ConstructCertificate (
|
||||
(CONST UINT8 *) Cert,
|
||||
CertSize,
|
||||
(UINT8 **) &X509Cert
|
||||
);
|
||||
Status = X509ConstructCertificate (
|
||||
(CONST UINT8 *)Cert,
|
||||
CertSize,
|
||||
(UINT8 **)&X509Cert
|
||||
);
|
||||
if (!Status) {
|
||||
if (X509Cert != NULL) {
|
||||
X509_free (X509Cert);
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -148,7 +150,7 @@ X509ConstructCertificateStackV (
|
||||
if (!Status) {
|
||||
sk_X509_pop_free (CertStack, X509_free);
|
||||
} else {
|
||||
*X509Stack = (UINT8 *) CertStack;
|
||||
*X509Stack = (UINT8 *)CertStack;
|
||||
}
|
||||
|
||||
return Status;
|
||||
@@ -210,7 +212,7 @@ X509Free (
|
||||
//
|
||||
// Free OpenSSL X509 object.
|
||||
//
|
||||
X509_free ((X509 *) X509Cert);
|
||||
X509_free ((X509 *)X509Cert);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -237,7 +239,7 @@ X509StackFree (
|
||||
//
|
||||
// Free OpenSSL X509 stack object.
|
||||
//
|
||||
sk_X509_pop_free ((STACK_OF(X509) *) X509Stack, X509_free);
|
||||
sk_X509_pop_free ((STACK_OF (X509) *) X509Stack, X509_free);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -274,7 +276,7 @@ X509GetSubjectName (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Cert == NULL || SubjectSize == NULL) {
|
||||
if ((Cert == NULL) || (SubjectSize == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -283,7 +285,7 @@ X509GetSubjectName (
|
||||
//
|
||||
// Read DER-encoded X509 Certificate and Construct X509 object.
|
||||
//
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
|
||||
if ((X509Cert == NULL) || (!Status)) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
@@ -299,14 +301,15 @@ X509GetSubjectName (
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
X509NameSize = i2d_X509_NAME(X509Name, NULL);
|
||||
X509NameSize = i2d_X509_NAME (X509Name, NULL);
|
||||
if (*SubjectSize < X509NameSize) {
|
||||
*SubjectSize = X509NameSize;
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
*SubjectSize = X509NameSize;
|
||||
if (CertSubject != NULL) {
|
||||
i2d_X509_NAME(X509Name, &CertSubject);
|
||||
i2d_X509_NAME (X509Name, &CertSubject);
|
||||
Status = TRUE;
|
||||
}
|
||||
|
||||
@@ -351,11 +354,11 @@ _Exit:
|
||||
STATIC
|
||||
RETURN_STATUS
|
||||
InternalX509GetNIDName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
IN INT32 Request_NID,
|
||||
OUT CHAR8 *CommonName OPTIONAL,
|
||||
IN OUT UINTN *CommonNameSize
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
IN INT32 Request_NID,
|
||||
OUT CHAR8 *CommonName OPTIONAL,
|
||||
IN OUT UINTN *CommonNameSize
|
||||
)
|
||||
{
|
||||
RETURN_STATUS ReturnStatus;
|
||||
@@ -377,6 +380,7 @@ InternalX509GetNIDName (
|
||||
if ((Cert == NULL) || (CertSize > INT_MAX) || (CommonNameSize == NULL)) {
|
||||
return ReturnStatus;
|
||||
}
|
||||
|
||||
if ((CommonName != NULL) && (*CommonNameSize == 0)) {
|
||||
return ReturnStatus;
|
||||
}
|
||||
@@ -385,7 +389,7 @@ InternalX509GetNIDName (
|
||||
//
|
||||
// Read DER-encoded X509 Certificate and Construct X509 object.
|
||||
//
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
|
||||
if ((X509Cert == NULL) || (!Status)) {
|
||||
//
|
||||
// Invalid X.509 Certificate
|
||||
@@ -443,12 +447,12 @@ InternalX509GetNIDName (
|
||||
|
||||
if (CommonName == NULL) {
|
||||
*CommonNameSize = Length + 1;
|
||||
ReturnStatus = RETURN_BUFFER_TOO_SMALL;
|
||||
ReturnStatus = RETURN_BUFFER_TOO_SMALL;
|
||||
} else {
|
||||
*CommonNameSize = MIN ((UINTN)Length, *CommonNameSize - 1) + 1;
|
||||
CopyMem (CommonName, UTF8Name, *CommonNameSize - 1);
|
||||
CommonName[*CommonNameSize - 1] = '\0';
|
||||
ReturnStatus = RETURN_SUCCESS;
|
||||
ReturnStatus = RETURN_SUCCESS;
|
||||
}
|
||||
|
||||
_Exit:
|
||||
@@ -458,6 +462,7 @@ _Exit:
|
||||
if (X509Cert != NULL) {
|
||||
X509_free (X509Cert);
|
||||
}
|
||||
|
||||
if (UTF8Name != NULL) {
|
||||
OPENSSL_free (UTF8Name);
|
||||
}
|
||||
@@ -532,10 +537,10 @@ X509GetCommonName (
|
||||
RETURN_STATUS
|
||||
EFIAPI
|
||||
X509GetOrganizationName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT CHAR8 *NameBuffer OPTIONAL,
|
||||
IN OUT UINTN *NameBufferSize
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT CHAR8 *NameBuffer OPTIONAL,
|
||||
IN OUT UINTN *NameBufferSize
|
||||
)
|
||||
{
|
||||
return InternalX509GetNIDName (Cert, CertSize, NID_organizationName, NameBuffer, NameBufferSize);
|
||||
@@ -572,7 +577,7 @@ RsaGetPublicKeyFromX509 (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Cert == NULL || RsaContext == NULL) {
|
||||
if ((Cert == NULL) || (RsaContext == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -582,7 +587,7 @@ RsaGetPublicKeyFromX509 (
|
||||
//
|
||||
// Read DER-encoded X509 Certificate and Construct X509 object.
|
||||
//
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
|
||||
if ((X509Cert == NULL) || (!Status)) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
@@ -654,7 +659,7 @@ X509VerifyCert (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Cert == NULL || CACert == NULL) {
|
||||
if ((Cert == NULL) || (CACert == NULL)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -670,9 +675,11 @@ X509VerifyCert (
|
||||
if (EVP_add_digest (EVP_md5 ()) == 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha1 ()) == 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (EVP_add_digest (EVP_sha256 ()) == 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -680,7 +687,7 @@ X509VerifyCert (
|
||||
//
|
||||
// Read DER-encoded certificate to be verified and Construct X509 object.
|
||||
//
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
|
||||
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert);
|
||||
if ((X509Cert == NULL) || (!Status)) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
@@ -689,7 +696,7 @@ X509VerifyCert (
|
||||
//
|
||||
// Read DER-encoded root certificate and Construct X509 object.
|
||||
//
|
||||
Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);
|
||||
Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **)&X509CACert);
|
||||
if ((X509CACert == NULL) || (!Status)) {
|
||||
Status = FALSE;
|
||||
goto _Exit;
|
||||
@@ -704,6 +711,7 @@ X509VerifyCert (
|
||||
if (CertStore == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (!(X509_STORE_add_cert (CertStore, X509CACert))) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -712,8 +720,10 @@ X509VerifyCert (
|
||||
// Allow partial certificate chains, terminated by a non-self-signed but
|
||||
// still trusted intermediate certificate. Also disable time checks.
|
||||
//
|
||||
X509_STORE_set_flags (CertStore,
|
||||
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
|
||||
X509_STORE_set_flags (
|
||||
CertStore,
|
||||
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
|
||||
);
|
||||
|
||||
//
|
||||
// Set up X509_STORE_CTX for the subsequent verification operation.
|
||||
@@ -722,6 +732,7 @@ X509VerifyCert (
|
||||
if (CertCtx == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) {
|
||||
goto _Exit;
|
||||
}
|
||||
@@ -729,7 +740,7 @@ X509VerifyCert (
|
||||
//
|
||||
// X509 Certificate Verification.
|
||||
//
|
||||
Status = (BOOLEAN) X509_verify_cert (CertCtx);
|
||||
Status = (BOOLEAN)X509_verify_cert (CertCtx);
|
||||
X509_STORE_CTX_cleanup (CertCtx);
|
||||
|
||||
_Exit:
|
||||
@@ -787,7 +798,8 @@ X509GetTBSCert (
|
||||
// Check input parameters.
|
||||
//
|
||||
if ((Cert == NULL) || (TBSCert == NULL) ||
|
||||
(TBSCertSize == NULL) || (CertSize > INT_MAX)) {
|
||||
(TBSCertSize == NULL) || (CertSize > INT_MAX))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@@ -205,10 +205,10 @@ X509GetCommonName (
|
||||
RETURN_STATUS
|
||||
EFIAPI
|
||||
X509GetOrganizationName (
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT CHAR8 *NameBuffer OPTIONAL,
|
||||
IN OUT UINTN *NameBufferSize
|
||||
IN CONST UINT8 *Cert,
|
||||
IN UINTN CertSize,
|
||||
OUT CHAR8 *NameBuffer OPTIONAL,
|
||||
IN OUT UINTN *NameBufferSize
|
||||
)
|
||||
{
|
||||
ASSERT (FALSE);
|
||||
|
@@ -55,7 +55,7 @@ RandomSeed (
|
||||
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.
|
||||
//
|
||||
if (Seed != NULL) {
|
||||
RAND_seed (Seed, (UINT32) SeedSize);
|
||||
RAND_seed (Seed, (UINT32)SeedSize);
|
||||
} else {
|
||||
RAND_seed (DefaultSeed, sizeof (DefaultSeed));
|
||||
}
|
||||
@@ -89,14 +89,14 @@ RandomBytes (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Output == NULL || Size > INT_MAX) {
|
||||
if ((Output == NULL) || (Size > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Generate random data.
|
||||
//
|
||||
if (RAND_bytes (Output, (UINT32) Size) != 1) {
|
||||
if (RAND_bytes (Output, (UINT32)Size) != 1) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
|
||||
|
||||
/**
|
||||
Sets up the seed value for the pseudorandom number generator.
|
||||
|
||||
|
@@ -53,7 +53,7 @@ RandomSeed (
|
||||
// NOTE: A cryptographic PRNG must be seeded with unpredictable data.
|
||||
//
|
||||
if (Seed != NULL) {
|
||||
RAND_seed (Seed, (UINT32) SeedSize);
|
||||
RAND_seed (Seed, (UINT32)SeedSize);
|
||||
} else {
|
||||
//
|
||||
// Retrieve current time.
|
||||
@@ -97,14 +97,14 @@ RandomBytes (
|
||||
//
|
||||
// Check input parameters.
|
||||
//
|
||||
if (Output == NULL || Size > INT_MAX) {
|
||||
if ((Output == NULL) || (Size > INT_MAX)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//
|
||||
// Generate random data.
|
||||
//
|
||||
if (RAND_bytes (Output, (UINT32) Size) != 1) {
|
||||
if (RAND_bytes (Output, (UINT32)Size) != 1) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@@ -13,21 +13,24 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
//
|
||||
// Extra header to record the memory buffer size from malloc routine.
|
||||
//
|
||||
#define CRYPTMEM_HEAD_SIGNATURE SIGNATURE_32('c','m','h','d')
|
||||
#define CRYPTMEM_HEAD_SIGNATURE SIGNATURE_32('c','m','h','d')
|
||||
typedef struct {
|
||||
UINT32 Signature;
|
||||
UINT32 Reserved;
|
||||
UINTN Size;
|
||||
} CRYPTMEM_HEAD;
|
||||
|
||||
#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD)
|
||||
#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD)
|
||||
|
||||
//
|
||||
// -- Memory-Allocation Routines --
|
||||
//
|
||||
|
||||
/* Allocates memory blocks */
|
||||
void *malloc (size_t size)
|
||||
void *
|
||||
malloc (
|
||||
size_t size
|
||||
)
|
||||
{
|
||||
CRYPTMEM_HEAD *PoolHdr;
|
||||
UINTN NewSize;
|
||||
@@ -38,7 +41,7 @@ void *malloc (size_t size)
|
||||
//
|
||||
NewSize = (UINTN)(size) + CRYPTMEM_OVERHEAD;
|
||||
|
||||
Data = AllocatePool (NewSize);
|
||||
Data = AllocatePool (NewSize);
|
||||
if (Data != NULL) {
|
||||
PoolHdr = (CRYPTMEM_HEAD *)Data;
|
||||
//
|
||||
@@ -57,7 +60,11 @@ void *malloc (size_t size)
|
||||
}
|
||||
|
||||
/* Reallocate memory blocks */
|
||||
void *realloc (void *ptr, size_t size)
|
||||
void *
|
||||
realloc (
|
||||
void *ptr,
|
||||
size_t size
|
||||
)
|
||||
{
|
||||
CRYPTMEM_HEAD *OldPoolHdr;
|
||||
CRYPTMEM_HEAD *NewPoolHdr;
|
||||
@@ -66,9 +73,9 @@ void *realloc (void *ptr, size_t size)
|
||||
VOID *Data;
|
||||
|
||||
NewSize = (UINTN)size + CRYPTMEM_OVERHEAD;
|
||||
Data = AllocatePool (NewSize);
|
||||
Data = AllocatePool (NewSize);
|
||||
if (Data != NULL) {
|
||||
NewPoolHdr = (CRYPTMEM_HEAD *)Data;
|
||||
NewPoolHdr = (CRYPTMEM_HEAD *)Data;
|
||||
NewPoolHdr->Signature = CRYPTMEM_HEAD_SIGNATURE;
|
||||
NewPoolHdr->Size = size;
|
||||
if (ptr != NULL) {
|
||||
@@ -96,7 +103,10 @@ void *realloc (void *ptr, size_t size)
|
||||
}
|
||||
|
||||
/* De-allocates or frees a memory block */
|
||||
void free (void *ptr)
|
||||
void
|
||||
free (
|
||||
void *ptr
|
||||
)
|
||||
{
|
||||
CRYPTMEM_HEAD *PoolHdr;
|
||||
|
||||
|
@@ -23,15 +23,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
// -- Time Management Routines --
|
||||
//
|
||||
|
||||
time_t time (time_t *timer)
|
||||
time_t
|
||||
time (
|
||||
time_t *timer
|
||||
)
|
||||
{
|
||||
if (timer != NULL) {
|
||||
*timer = 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct tm * gmtime (const time_t *timer)
|
||||
struct tm *
|
||||
gmtime (
|
||||
const time_t *timer
|
||||
)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
@@ -9,7 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
#include <CrtLibSupport.h>
|
||||
|
||||
int errno = 0;
|
||||
int errno = 0;
|
||||
|
||||
FILE *stderr = NULL;
|
||||
FILE *stdin = NULL;
|
||||
@@ -35,15 +35,15 @@ QuickSortWorker (
|
||||
IN VOID *Buffer
|
||||
)
|
||||
{
|
||||
VOID *Pivot;
|
||||
UINTN LoopCount;
|
||||
UINTN NextSwapLocation;
|
||||
VOID *Pivot;
|
||||
UINTN LoopCount;
|
||||
UINTN NextSwapLocation;
|
||||
|
||||
ASSERT(BufferToSort != NULL);
|
||||
ASSERT(CompareFunction != NULL);
|
||||
ASSERT(Buffer != NULL);
|
||||
ASSERT (BufferToSort != NULL);
|
||||
ASSERT (CompareFunction != NULL);
|
||||
ASSERT (Buffer != NULL);
|
||||
|
||||
if (Count < 2 || ElementSize < 1) {
|
||||
if ((Count < 2) || (ElementSize < 1)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -58,8 +58,7 @@ QuickSortWorker (
|
||||
// Now get the pivot such that all on "left" are below it
|
||||
// and everything "right" are above it
|
||||
//
|
||||
for (LoopCount = 0; LoopCount < Count - 1; LoopCount++)
|
||||
{
|
||||
for (LoopCount = 0; LoopCount < Count - 1; LoopCount++) {
|
||||
//
|
||||
// If the element is less than the pivot
|
||||
//
|
||||
@@ -77,6 +76,7 @@ QuickSortWorker (
|
||||
NextSwapLocation++;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Swap pivot to its final position (NextSwapLocation)
|
||||
//
|
||||
@@ -107,28 +107,37 @@ QuickSortWorker (
|
||||
return;
|
||||
}
|
||||
|
||||
//---------------------------------------------------------
|
||||
// ---------------------------------------------------------
|
||||
// Standard C Run-time Library Interface Wrapper
|
||||
//---------------------------------------------------------
|
||||
// ---------------------------------------------------------
|
||||
|
||||
//
|
||||
// -- String Manipulation Routines --
|
||||
//
|
||||
|
||||
char *strchr(const char *str, int ch)
|
||||
char *
|
||||
strchr (
|
||||
const char *str,
|
||||
int ch
|
||||
)
|
||||
{
|
||||
return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
|
||||
}
|
||||
|
||||
/* Scan a string for the last occurrence of a character */
|
||||
char *strrchr (const char *str, int c)
|
||||
char *
|
||||
strrchr (
|
||||
const char *str,
|
||||
int c
|
||||
)
|
||||
{
|
||||
char * save;
|
||||
char *save;
|
||||
|
||||
for (save = NULL; ; ++str) {
|
||||
if (*str == c) {
|
||||
save = (char *)str;
|
||||
}
|
||||
|
||||
if (*str == 0) {
|
||||
return (save);
|
||||
}
|
||||
@@ -136,19 +145,25 @@ char *strrchr (const char *str, int c)
|
||||
}
|
||||
|
||||
/* Compare first n bytes of string s1 with string s2, ignoring case */
|
||||
int strncasecmp (const char *s1, const char *s2, size_t n)
|
||||
int
|
||||
strncasecmp (
|
||||
const char *s1,
|
||||
const char *s2,
|
||||
size_t n
|
||||
)
|
||||
{
|
||||
int Val;
|
||||
int Val;
|
||||
|
||||
ASSERT(s1 != NULL);
|
||||
ASSERT(s2 != NULL);
|
||||
ASSERT (s1 != NULL);
|
||||
ASSERT (s2 != NULL);
|
||||
|
||||
if (n != 0) {
|
||||
do {
|
||||
Val = tolower(*s1) - tolower(*s2);
|
||||
Val = tolower (*s1) - tolower (*s2);
|
||||
if (Val != 0) {
|
||||
return Val;
|
||||
}
|
||||
|
||||
++s1;
|
||||
++s2;
|
||||
if (*s1 == '\0') {
|
||||
@@ -156,11 +171,17 @@ int strncasecmp (const char *s1, const char *s2, size_t n)
|
||||
}
|
||||
} while (--n != 0);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Read formatted data from a string */
|
||||
int sscanf (const char *buffer, const char *format, ...)
|
||||
int
|
||||
sscanf (
|
||||
const char *buffer,
|
||||
const char *format,
|
||||
...
|
||||
)
|
||||
{
|
||||
//
|
||||
// Null sscanf() function implementation to satisfy the linker, since
|
||||
@@ -170,14 +191,21 @@ int sscanf (const char *buffer, const char *format, ...)
|
||||
}
|
||||
|
||||
/* Maps errnum to an error-message string */
|
||||
char * strerror (int errnum)
|
||||
char *
|
||||
strerror (
|
||||
int errnum
|
||||
)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Computes the length of the maximum initial segment of the string pointed to by s1
|
||||
which consists entirely of characters from the string pointed to by s2. */
|
||||
size_t strspn (const char *s1 , const char *s2)
|
||||
size_t
|
||||
strspn (
|
||||
const char *s1,
|
||||
const char *s2
|
||||
)
|
||||
{
|
||||
UINT8 Map[32];
|
||||
UINT32 Index;
|
||||
@@ -207,11 +235,15 @@ size_t strspn (const char *s1 , const char *s2)
|
||||
|
||||
/* Computes the length of the maximum initial segment of the string pointed to by s1
|
||||
which consists entirely of characters not from the string pointed to by s2. */
|
||||
size_t strcspn (const char *s1, const char *s2)
|
||||
size_t
|
||||
strcspn (
|
||||
const char *s1,
|
||||
const char *s2
|
||||
)
|
||||
{
|
||||
UINT8 Map[32];
|
||||
UINT32 Index;
|
||||
size_t Count;
|
||||
UINT8 Map[32];
|
||||
UINT32 Index;
|
||||
size_t Count;
|
||||
|
||||
for (Index = 0; Index < 32; Index++) {
|
||||
Map[Index] = 0;
|
||||
@@ -224,9 +256,9 @@ size_t strcspn (const char *s1, const char *s2)
|
||||
|
||||
Map[0] |= 1;
|
||||
|
||||
Count = 0;
|
||||
Count = 0;
|
||||
while (!(Map[*s1 >> 3] & (1 << (*s1 & 7)))) {
|
||||
Count ++;
|
||||
Count++;
|
||||
s1++;
|
||||
}
|
||||
|
||||
@@ -238,7 +270,10 @@ size_t strcspn (const char *s1, const char *s2)
|
||||
//
|
||||
|
||||
/* Determines if a particular character is a decimal-digit character */
|
||||
int isdigit (int c)
|
||||
int
|
||||
isdigit (
|
||||
int c
|
||||
)
|
||||
{
|
||||
//
|
||||
// <digit> ::= [0-9]
|
||||
@@ -247,7 +282,10 @@ int isdigit (int c)
|
||||
}
|
||||
|
||||
/* Determine if an integer represents character that is a hex digit */
|
||||
int isxdigit (int c)
|
||||
int
|
||||
isxdigit (
|
||||
int c
|
||||
)
|
||||
{
|
||||
//
|
||||
// <hexdigit> ::= [0-9] | [a-f] | [A-F]
|
||||
@@ -258,7 +296,10 @@ int isxdigit (int c)
|
||||
}
|
||||
|
||||
/* Determines if a particular character represents a space character */
|
||||
int isspace (int c)
|
||||
int
|
||||
isspace (
|
||||
int c
|
||||
)
|
||||
{
|
||||
//
|
||||
// <space> ::= [ ]
|
||||
@@ -267,7 +308,10 @@ int isspace (int c)
|
||||
}
|
||||
|
||||
/* Determine if a particular character is an alphanumeric character */
|
||||
int isalnum (int c)
|
||||
int
|
||||
isalnum (
|
||||
int c
|
||||
)
|
||||
{
|
||||
//
|
||||
// <alnum> ::= [0-9] | [a-z] | [A-Z]
|
||||
@@ -278,7 +322,10 @@ int isalnum (int c)
|
||||
}
|
||||
|
||||
/* Determines if a particular character is in upper case */
|
||||
int isupper (int c)
|
||||
int
|
||||
isupper (
|
||||
int c
|
||||
)
|
||||
{
|
||||
//
|
||||
// <uppercase letter> := [A-Z]
|
||||
@@ -291,7 +338,12 @@ int isupper (int c)
|
||||
//
|
||||
|
||||
/* Convert strings to a long-integer value */
|
||||
long strtol (const char *nptr, char **endptr, int base)
|
||||
long
|
||||
strtol (
|
||||
const char *nptr,
|
||||
char **endptr,
|
||||
int base
|
||||
)
|
||||
{
|
||||
//
|
||||
// Null strtol() function implementation to satisfy the linker, since there is
|
||||
@@ -301,7 +353,12 @@ long strtol (const char *nptr, char **endptr, int base)
|
||||
}
|
||||
|
||||
/* Convert strings to an unsigned long-integer value */
|
||||
unsigned long strtoul (const char *nptr, char **endptr, int base)
|
||||
unsigned long
|
||||
strtoul (
|
||||
const char *nptr,
|
||||
char **endptr,
|
||||
int base
|
||||
)
|
||||
{
|
||||
//
|
||||
// Null strtoul() function implementation to satisfy the linker, since there is
|
||||
@@ -311,11 +368,15 @@ unsigned long strtoul (const char *nptr, char **endptr, int base)
|
||||
}
|
||||
|
||||
/* Convert character to lowercase */
|
||||
int tolower (int c)
|
||||
int
|
||||
tolower (
|
||||
int c
|
||||
)
|
||||
{
|
||||
if (('A' <= (c)) && ((c) <= 'Z')) {
|
||||
return (c - ('A' - 'a'));
|
||||
}
|
||||
|
||||
return (c);
|
||||
}
|
||||
|
||||
@@ -324,7 +385,13 @@ int tolower (int c)
|
||||
//
|
||||
|
||||
/* Performs a quick sort */
|
||||
void qsort (void *base, size_t num, size_t width, int (*compare)(const void *, const void *))
|
||||
void
|
||||
qsort (
|
||||
void *base,
|
||||
size_t num,
|
||||
size_t width,
|
||||
int ( *compare )(const void *, const void *)
|
||||
)
|
||||
{
|
||||
VOID *Buffer;
|
||||
|
||||
@@ -351,7 +418,10 @@ void qsort (void *base, size_t num, size_t width, int (*compare)(const void *, c
|
||||
//
|
||||
|
||||
/* Get a value from the current environment */
|
||||
char *getenv (const char *varname)
|
||||
char *
|
||||
getenv (
|
||||
const char *varname
|
||||
)
|
||||
{
|
||||
//
|
||||
// Null getenv() function implementation to satisfy the linker, since there is
|
||||
@@ -361,7 +431,10 @@ char *getenv (const char *varname)
|
||||
}
|
||||
|
||||
/* Get a value from the current environment */
|
||||
char *secure_getenv (const char *varname)
|
||||
char *
|
||||
secure_getenv (
|
||||
const char *varname
|
||||
)
|
||||
{
|
||||
//
|
||||
// Null secure_getenv() function implementation to satisfy the linker, since
|
||||
@@ -378,7 +451,13 @@ char *secure_getenv (const char *varname)
|
||||
//
|
||||
|
||||
/* Write data to a stream */
|
||||
size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
|
||||
size_t
|
||||
fwrite (
|
||||
const void *buffer,
|
||||
size_t size,
|
||||
size_t count,
|
||||
FILE *stream
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@@ -387,12 +466,23 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
|
||||
// -- Dummy OpenSSL Support Routines --
|
||||
//
|
||||
|
||||
int BIO_printf (void *bio, const char *format, ...)
|
||||
int
|
||||
BIO_printf (
|
||||
void *bio,
|
||||
const char *format,
|
||||
...
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int BIO_snprintf(char *buf, size_t n, const char *format, ...)
|
||||
int
|
||||
BIO_snprintf (
|
||||
char *buf,
|
||||
size_t n,
|
||||
const char *format,
|
||||
...
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@@ -403,7 +493,7 @@ typedef
|
||||
VOID
|
||||
(EFIAPI *NoReturnFuncPtr)(
|
||||
VOID
|
||||
) __attribute__((__noreturn__));
|
||||
) __attribute__ ((__noreturn__));
|
||||
|
||||
STATIC
|
||||
VOID
|
||||
@@ -414,60 +504,95 @@ NopFunction (
|
||||
{
|
||||
}
|
||||
|
||||
void abort (void)
|
||||
void
|
||||
abort (
|
||||
void
|
||||
)
|
||||
{
|
||||
NoReturnFuncPtr NoReturnFunc;
|
||||
NoReturnFuncPtr NoReturnFunc;
|
||||
|
||||
NoReturnFunc = (NoReturnFuncPtr) NopFunction;
|
||||
NoReturnFunc = (NoReturnFuncPtr)NopFunction;
|
||||
|
||||
NoReturnFunc ();
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
void abort (void)
|
||||
void
|
||||
abort (
|
||||
void
|
||||
)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
int fclose (FILE *f)
|
||||
int
|
||||
fclose (
|
||||
FILE *f
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
FILE *fopen (const char *c, const char *m)
|
||||
FILE *
|
||||
fopen (
|
||||
const char *c,
|
||||
const char *m
|
||||
)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
size_t fread (void *b, size_t c, size_t i, FILE *f)
|
||||
size_t
|
||||
fread (
|
||||
void *b,
|
||||
size_t c,
|
||||
size_t i,
|
||||
FILE *f
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
uid_t getuid (void)
|
||||
uid_t
|
||||
getuid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
uid_t geteuid (void)
|
||||
uid_t
|
||||
geteuid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
gid_t getgid (void)
|
||||
gid_t
|
||||
getgid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
gid_t getegid (void)
|
||||
gid_t
|
||||
getegid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int printf (char const *fmt, ...)
|
||||
int
|
||||
printf (
|
||||
char const *fmt,
|
||||
...
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
@@ -13,42 +13,42 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Guid/EventGroup.h>
|
||||
|
||||
//----------------------------------------------------------------
|
||||
// ----------------------------------------------------------------
|
||||
// Initial version. Needs further optimizations.
|
||||
//----------------------------------------------------------------
|
||||
// ----------------------------------------------------------------
|
||||
|
||||
//
|
||||
// Definitions for Runtime Memory Operations
|
||||
//
|
||||
#define RT_PAGE_SIZE 0x200
|
||||
#define RT_PAGE_MASK 0x1FF
|
||||
#define RT_PAGE_SHIFT 9
|
||||
#define RT_PAGE_SIZE 0x200
|
||||
#define RT_PAGE_MASK 0x1FF
|
||||
#define RT_PAGE_SHIFT 9
|
||||
|
||||
#define RT_SIZE_TO_PAGES(a) (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MASK) ? 1 : 0))
|
||||
#define RT_PAGES_TO_SIZE(a) ((a) << RT_PAGE_SHIFT)
|
||||
#define RT_SIZE_TO_PAGES(a) (((a) >> RT_PAGE_SHIFT) + (((a) & RT_PAGE_MASK) ? 1 : 0))
|
||||
#define RT_PAGES_TO_SIZE(a) ((a) << RT_PAGE_SHIFT)
|
||||
|
||||
//
|
||||
// Page Flag Definitions
|
||||
//
|
||||
#define RT_PAGE_FREE 0x00000000
|
||||
#define RT_PAGE_USED 0x00000001
|
||||
#define RT_PAGE_FREE 0x00000000
|
||||
#define RT_PAGE_USED 0x00000001
|
||||
|
||||
#define MIN_REQUIRED_BLOCKS 600
|
||||
#define MIN_REQUIRED_BLOCKS 600
|
||||
|
||||
//
|
||||
// Memory Page Table
|
||||
//
|
||||
typedef struct {
|
||||
UINTN StartPageOffset; // Offset of the starting page allocated.
|
||||
UINTN StartPageOffset; // Offset of the starting page allocated.
|
||||
// Only available for USED pages.
|
||||
UINT32 PageFlag; // Page Attributes.
|
||||
UINT32 PageFlag; // Page Attributes.
|
||||
} RT_MEMORY_PAGE_ENTRY;
|
||||
|
||||
typedef struct {
|
||||
UINTN PageCount;
|
||||
UINTN LastEmptyPageOffset;
|
||||
UINT8 *DataAreaBase; // Pointer to data Area.
|
||||
RT_MEMORY_PAGE_ENTRY Pages[1]; // Page Table Entries.
|
||||
UINTN PageCount;
|
||||
UINTN LastEmptyPageOffset;
|
||||
UINT8 *DataAreaBase; // Pointer to data Area.
|
||||
RT_MEMORY_PAGE_ENTRY Pages[1]; // Page Table Entries.
|
||||
} RT_MEMORY_PAGE_TABLE;
|
||||
|
||||
//
|
||||
@@ -59,8 +59,7 @@ RT_MEMORY_PAGE_TABLE *mRTPageTable = NULL;
|
||||
//
|
||||
// Event for Runtime Address Conversion.
|
||||
//
|
||||
STATIC EFI_EVENT mVirtualAddressChangeEvent;
|
||||
|
||||
STATIC EFI_EVENT mVirtualAddressChangeEvent;
|
||||
|
||||
/**
|
||||
Initializes pre-allocated memory pointed by ScratchBuffer for subsequent
|
||||
@@ -114,7 +113,6 @@ InitializeScratchMemory (
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Look-up Free memory Region for object allocation.
|
||||
|
||||
@@ -182,6 +180,7 @@ LookupFreeMemRegion (
|
||||
//
|
||||
return (UINTN)(-1);
|
||||
}
|
||||
|
||||
for (Index = 0; Index < (StartPageIndex - ReqPages); ) {
|
||||
//
|
||||
// Check Consecutive ReqPages Pages.
|
||||
@@ -203,7 +202,8 @@ LookupFreeMemRegion (
|
||||
// Failed! Skip current adjacent Used pages
|
||||
//
|
||||
while ((SubIndex < (StartPageIndex - ReqPages)) &&
|
||||
((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0)) {
|
||||
((mRTPageTable->Pages[SubIndex + Index].PageFlag & RT_PAGE_USED) != 0))
|
||||
{
|
||||
SubIndex++;
|
||||
}
|
||||
|
||||
@@ -216,7 +216,6 @@ LookupFreeMemRegion (
|
||||
return (UINTN)(-1);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Allocates a buffer at runtime phase.
|
||||
|
||||
@@ -274,7 +273,6 @@ RuntimeAllocateMem (
|
||||
return AllocPtr;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Frees a buffer that was previously allocated at runtime phase.
|
||||
|
||||
@@ -290,19 +288,20 @@ RuntimeFreeMem (
|
||||
UINTN StartPageIndex;
|
||||
|
||||
StartOffset = (UINTN)Buffer - (UINTN)mRTPageTable->DataAreaBase;
|
||||
StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES(StartOffset)].StartPageOffset);
|
||||
StartPageIndex = RT_SIZE_TO_PAGES (mRTPageTable->Pages[RT_SIZE_TO_PAGES (StartOffset)].StartPageOffset);
|
||||
|
||||
while (StartPageIndex < mRTPageTable->PageCount) {
|
||||
if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
|
||||
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset)) {
|
||||
//
|
||||
// Free this page
|
||||
//
|
||||
mRTPageTable->Pages[StartPageIndex].PageFlag &= ~RT_PAGE_USED;
|
||||
mRTPageTable->Pages[StartPageIndex].PageFlag |= RT_PAGE_FREE;
|
||||
mRTPageTable->Pages[StartPageIndex].StartPageOffset = 0;
|
||||
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
|
||||
{
|
||||
//
|
||||
// Free this page
|
||||
//
|
||||
mRTPageTable->Pages[StartPageIndex].PageFlag &= ~RT_PAGE_USED;
|
||||
mRTPageTable->Pages[StartPageIndex].PageFlag |= RT_PAGE_FREE;
|
||||
mRTPageTable->Pages[StartPageIndex].StartPageOffset = 0;
|
||||
|
||||
StartPageIndex++;
|
||||
StartPageIndex++;
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
@@ -311,7 +310,6 @@ RuntimeFreeMem (
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
|
||||
|
||||
@@ -325,18 +323,17 @@ RuntimeFreeMem (
|
||||
VOID
|
||||
EFIAPI
|
||||
RuntimeCryptLibAddressChangeEvent (
|
||||
IN EFI_EVENT Event,
|
||||
IN VOID *Context
|
||||
IN EFI_EVENT Event,
|
||||
IN VOID *Context
|
||||
)
|
||||
{
|
||||
//
|
||||
// Converts a pointer for runtime memory management to a new virtual address.
|
||||
//
|
||||
EfiConvertPointer (0x0, (VOID **) &mRTPageTable->DataAreaBase);
|
||||
EfiConvertPointer (0x0, (VOID **) &mRTPageTable);
|
||||
EfiConvertPointer (0x0, (VOID **)&mRTPageTable->DataAreaBase);
|
||||
EfiConvertPointer (0x0, (VOID **)&mRTPageTable);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Constructor routine for runtime crypt library instance.
|
||||
|
||||
@@ -384,19 +381,25 @@ RuntimeCryptLibConstructor (
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// -- Memory-Allocation Routines Wrapper for UEFI-OpenSSL Library --
|
||||
//
|
||||
|
||||
/* Allocates memory blocks */
|
||||
void *malloc (size_t size)
|
||||
void *
|
||||
malloc (
|
||||
size_t size
|
||||
)
|
||||
{
|
||||
return RuntimeAllocateMem ((UINTN) size);
|
||||
return RuntimeAllocateMem ((UINTN)size);
|
||||
}
|
||||
|
||||
/* Reallocate memory blocks */
|
||||
void *realloc (void *ptr, size_t size)
|
||||
void *
|
||||
realloc (
|
||||
void *ptr,
|
||||
size_t size
|
||||
)
|
||||
{
|
||||
VOID *NewPtr;
|
||||
UINTN StartOffset;
|
||||
@@ -415,9 +418,10 @@ void *realloc (void *ptr, size_t size)
|
||||
PageCount = 0;
|
||||
while (StartPageIndex < mRTPageTable->PageCount) {
|
||||
if (((mRTPageTable->Pages[StartPageIndex].PageFlag & RT_PAGE_USED) != 0) &&
|
||||
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset)) {
|
||||
StartPageIndex++;
|
||||
PageCount++;
|
||||
(mRTPageTable->Pages[StartPageIndex].StartPageOffset == StartOffset))
|
||||
{
|
||||
StartPageIndex++;
|
||||
PageCount++;
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
@@ -430,7 +434,7 @@ void *realloc (void *ptr, size_t size)
|
||||
return ptr;
|
||||
}
|
||||
|
||||
NewPtr = RuntimeAllocateMem ((UINTN) size);
|
||||
NewPtr = RuntimeAllocateMem ((UINTN)size);
|
||||
if (NewPtr == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
@@ -443,7 +447,10 @@ void *realloc (void *ptr, size_t size)
|
||||
}
|
||||
|
||||
/* Deallocates or frees a memory block */
|
||||
void free (void *ptr)
|
||||
void
|
||||
free (
|
||||
void *ptr
|
||||
)
|
||||
{
|
||||
//
|
||||
// In Standard C, free() handles a null pointer argument transparently. This
|
||||
|
@@ -15,17 +15,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
// -- Time Management Routines --
|
||||
//
|
||||
|
||||
#define IsLeap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
|
||||
#define SECSPERMIN (60)
|
||||
#define SECSPERHOUR (60 * 60)
|
||||
#define SECSPERDAY (24 * SECSPERHOUR)
|
||||
#define IsLeap(y) (((y) % 4) == 0 && (((y) % 100) != 0 || ((y) % 400) == 0))
|
||||
#define SECSPERMIN (60)
|
||||
#define SECSPERHOUR (60 * 60)
|
||||
#define SECSPERDAY (24 * SECSPERHOUR)
|
||||
|
||||
//
|
||||
// The arrays give the cumulative number of days up to the first of the
|
||||
// month number used as the index (1 -> 12) for regular and leap years.
|
||||
// The value at index 13 is for the whole year.
|
||||
//
|
||||
UINTN CumulativeDays[2][14] = {
|
||||
UINTN CumulativeDays[2][14] = {
|
||||
{
|
||||
0,
|
||||
0,
|
||||
@@ -61,10 +61,13 @@ UINTN CumulativeDays[2][14] = {
|
||||
};
|
||||
|
||||
/* Get the system time as seconds elapsed since midnight, January 1, 1970. */
|
||||
//INTN time(
|
||||
// INTN time(
|
||||
// INTN *timer
|
||||
// )
|
||||
time_t time (time_t *timer)
|
||||
time_t
|
||||
time (
|
||||
time_t *timer
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
EFI_TIME Time;
|
||||
@@ -84,7 +87,7 @@ time_t time (time_t *timer)
|
||||
// UTime should now be set to 00:00:00 on Jan 1 of the current year.
|
||||
//
|
||||
for (Year = 1970, CalTime = 0; Year != Time.Year; Year++) {
|
||||
CalTime = CalTime + (time_t)(CumulativeDays[IsLeap(Year)][13] * SECSPERDAY);
|
||||
CalTime = CalTime + (time_t)(CumulativeDays[IsLeap (Year)][13] * SECSPERDAY);
|
||||
}
|
||||
|
||||
//
|
||||
@@ -92,7 +95,7 @@ time_t time (time_t *timer)
|
||||
//
|
||||
CalTime = CalTime +
|
||||
(time_t)((Time.TimeZone != EFI_UNSPECIFIED_TIMEZONE) ? (Time.TimeZone * 60) : 0) +
|
||||
(time_t)(CumulativeDays[IsLeap(Time.Year)][Time.Month] * SECSPERDAY) +
|
||||
(time_t)(CumulativeDays[IsLeap (Time.Year)][Time.Month] * SECSPERDAY) +
|
||||
(time_t)(((Time.Day > 0) ? Time.Day - 1 : 0) * SECSPERDAY) +
|
||||
(time_t)(Time.Hour * SECSPERHOUR) +
|
||||
(time_t)(Time.Minute * 60) +
|
||||
@@ -108,7 +111,10 @@ time_t time (time_t *timer)
|
||||
//
|
||||
// Convert a time value from type time_t to struct tm.
|
||||
//
|
||||
struct tm * gmtime (const time_t *timer)
|
||||
struct tm *
|
||||
gmtime (
|
||||
const time_t *timer
|
||||
)
|
||||
{
|
||||
struct tm *GmTime;
|
||||
UINT16 DayNo;
|
||||
@@ -127,38 +133,38 @@ struct tm * gmtime (const time_t *timer)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ZeroMem ((VOID *) GmTime, (UINTN) sizeof (struct tm));
|
||||
ZeroMem ((VOID *)GmTime, (UINTN)sizeof (struct tm));
|
||||
|
||||
DayNo = (UINT16) (*timer / SECSPERDAY);
|
||||
DayRemainder = (UINT16) (*timer % SECSPERDAY);
|
||||
DayNo = (UINT16)(*timer / SECSPERDAY);
|
||||
DayRemainder = (UINT16)(*timer % SECSPERDAY);
|
||||
|
||||
GmTime->tm_sec = (int) (DayRemainder % SECSPERMIN);
|
||||
GmTime->tm_min = (int) ((DayRemainder % SECSPERHOUR) / SECSPERMIN);
|
||||
GmTime->tm_hour = (int) (DayRemainder / SECSPERHOUR);
|
||||
GmTime->tm_wday = (int) ((DayNo + 4) % 7);
|
||||
GmTime->tm_sec = (int)(DayRemainder % SECSPERMIN);
|
||||
GmTime->tm_min = (int)((DayRemainder % SECSPERHOUR) / SECSPERMIN);
|
||||
GmTime->tm_hour = (int)(DayRemainder / SECSPERHOUR);
|
||||
GmTime->tm_wday = (int)((DayNo + 4) % 7);
|
||||
|
||||
for (Year = 1970, YearNo = 0; DayNo > 0; Year++) {
|
||||
TotalDays = (UINT16) (IsLeap (Year) ? 366 : 365);
|
||||
TotalDays = (UINT16)(IsLeap (Year) ? 366 : 365);
|
||||
if (DayNo >= TotalDays) {
|
||||
DayNo = (UINT16) (DayNo - TotalDays);
|
||||
DayNo = (UINT16)(DayNo - TotalDays);
|
||||
YearNo++;
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
GmTime->tm_year = (int) (YearNo + (1970 - 1900));
|
||||
GmTime->tm_yday = (int) DayNo;
|
||||
GmTime->tm_year = (int)(YearNo + (1970 - 1900));
|
||||
GmTime->tm_yday = (int)DayNo;
|
||||
|
||||
for (MonthNo = 12; MonthNo > 1; MonthNo--) {
|
||||
if (DayNo >= CumulativeDays[IsLeap(Year)][MonthNo]) {
|
||||
DayNo = (UINT16) (DayNo - (UINT16) (CumulativeDays[IsLeap(Year)][MonthNo]));
|
||||
if (DayNo >= CumulativeDays[IsLeap (Year)][MonthNo]) {
|
||||
DayNo = (UINT16)(DayNo - (UINT16)(CumulativeDays[IsLeap (Year)][MonthNo]));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
GmTime->tm_mon = (int) MonthNo - 1;
|
||||
GmTime->tm_mday = (int) DayNo + 1;
|
||||
GmTime->tm_mon = (int)MonthNo - 1;
|
||||
GmTime->tm_mday = (int)DayNo + 1;
|
||||
|
||||
GmTime->tm_isdst = 0;
|
||||
GmTime->tm_gmtoff = 0;
|
||||
|
@@ -14,28 +14,38 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <Library/DebugLib.h>
|
||||
|
||||
/* Convert character to lowercase */
|
||||
int tolower (int c)
|
||||
int
|
||||
tolower (
|
||||
int c
|
||||
)
|
||||
{
|
||||
if (('A' <= (c)) && ((c) <= 'Z')) {
|
||||
return (c - ('A' - 'a'));
|
||||
}
|
||||
|
||||
return (c);
|
||||
}
|
||||
|
||||
/* Compare first n bytes of string s1 with string s2, ignoring case */
|
||||
int strncasecmp (const char *s1, const char *s2, size_t n)
|
||||
int
|
||||
strncasecmp (
|
||||
const char *s1,
|
||||
const char *s2,
|
||||
size_t n
|
||||
)
|
||||
{
|
||||
int Val;
|
||||
int Val;
|
||||
|
||||
ASSERT(s1 != NULL);
|
||||
ASSERT(s2 != NULL);
|
||||
ASSERT (s1 != NULL);
|
||||
ASSERT (s2 != NULL);
|
||||
|
||||
if (n != 0) {
|
||||
do {
|
||||
Val = tolower(*s1) - tolower(*s2);
|
||||
Val = tolower (*s1) - tolower (*s2);
|
||||
if (Val != 0) {
|
||||
return Val;
|
||||
}
|
||||
|
||||
++s1;
|
||||
++s2;
|
||||
if (*s1 == '\0') {
|
||||
@@ -43,11 +53,17 @@ int strncasecmp (const char *s1, const char *s2, size_t n)
|
||||
}
|
||||
} while (--n != 0);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Read formatted data from a string */
|
||||
int sscanf (const char *buffer, const char *format, ...)
|
||||
int
|
||||
sscanf (
|
||||
const char *buffer,
|
||||
const char *format,
|
||||
...
|
||||
)
|
||||
{
|
||||
//
|
||||
// Null sscanf() function implementation to satisfy the linker, since
|
||||
@@ -60,34 +76,57 @@ int sscanf (const char *buffer, const char *format, ...)
|
||||
// -- Dummy OpenSSL Support Routines --
|
||||
//
|
||||
|
||||
int BIO_printf (void *bio, const char *format, ...)
|
||||
int
|
||||
BIO_printf (
|
||||
void *bio,
|
||||
const char *format,
|
||||
...
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int BIO_snprintf(char *buf, size_t n, const char *format, ...)
|
||||
int
|
||||
BIO_snprintf (
|
||||
char *buf,
|
||||
size_t n,
|
||||
const char *format,
|
||||
...
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
uid_t getuid (void)
|
||||
uid_t
|
||||
getuid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
uid_t geteuid (void)
|
||||
uid_t
|
||||
geteuid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
gid_t getgid (void)
|
||||
gid_t
|
||||
getgid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
gid_t getegid (void)
|
||||
gid_t
|
||||
getegid (
|
||||
void
|
||||
)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int errno = 0;
|
||||
int errno = 0;
|
||||
|
@@ -18,28 +18,28 @@
|
||||
* Portions copyright (c) 1999, 2000
|
||||
* Intel Corporation.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
*
|
||||
*
|
||||
* This product includes software developed by Intel Corporation and
|
||||
* its contributors.
|
||||
*
|
||||
*
|
||||
* 4. Neither the name of Intel Corporation or its contributors may be
|
||||
* used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS''
|
||||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@@ -51,11 +51,11 @@
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
||||
* THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*
|
||||
*/
|
||||
|
||||
#if defined(LIBC_SCCS) && !defined(lint)
|
||||
static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $";
|
||||
#if defined (LIBC_SCCS) && !defined (lint)
|
||||
static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $";
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
|
||||
#include <sys/param.h>
|
||||
@@ -72,186 +72,229 @@ static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $
|
||||
* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
|
||||
*/
|
||||
|
||||
static int inet_pton4 (const char *src, u_char *dst);
|
||||
static int inet_pton6 (const char *src, u_char *dst);
|
||||
static int
|
||||
inet_pton4 (
|
||||
const char *src,
|
||||
u_char *dst
|
||||
);
|
||||
|
||||
static int
|
||||
inet_pton6 (
|
||||
const char *src,
|
||||
u_char *dst
|
||||
);
|
||||
|
||||
/* int
|
||||
* inet_pton(af, src, dst)
|
||||
* convert from presentation format (which usually means ASCII printable)
|
||||
* to network format (which is usually some kind of binary format).
|
||||
* convert from presentation format (which usually means ASCII printable)
|
||||
* to network format (which is usually some kind of binary format).
|
||||
* return:
|
||||
* 1 if the address was valid for the specified address family
|
||||
* 0 if the address wasn't valid (`dst' is untouched in this case)
|
||||
* -1 if some other error occurred (`dst' is untouched in this case, too)
|
||||
* 1 if the address was valid for the specified address family
|
||||
* 0 if the address wasn't valid (`dst' is untouched in this case)
|
||||
* -1 if some other error occurred (`dst' is untouched in this case, too)
|
||||
* author:
|
||||
* Paul Vixie, 1996.
|
||||
* Paul Vixie, 1996.
|
||||
*/
|
||||
int
|
||||
inet_pton(
|
||||
int af,
|
||||
const char *src,
|
||||
void *dst
|
||||
)
|
||||
inet_pton (
|
||||
int af,
|
||||
const char *src,
|
||||
void *dst
|
||||
)
|
||||
{
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return (inet_pton4(src, dst));
|
||||
case AF_INET6:
|
||||
return (inet_pton6(src, dst));
|
||||
default:
|
||||
errno = EAFNOSUPPORT;
|
||||
return (-1);
|
||||
}
|
||||
/* NOTREACHED */
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return (inet_pton4 (src, dst));
|
||||
case AF_INET6:
|
||||
return (inet_pton6 (src, dst));
|
||||
default:
|
||||
errno = EAFNOSUPPORT;
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* NOTREACHED */
|
||||
}
|
||||
|
||||
/* int
|
||||
* inet_pton4(src, dst)
|
||||
* like inet_aton() but without all the hexadecimal and shorthand.
|
||||
* like inet_aton() but without all the hexadecimal and shorthand.
|
||||
* return:
|
||||
* 1 if `src' is a valid dotted quad, else 0.
|
||||
* 1 if `src' is a valid dotted quad, else 0.
|
||||
* notice:
|
||||
* does not touch `dst' unless it's returning 1.
|
||||
* does not touch `dst' unless it's returning 1.
|
||||
* author:
|
||||
* Paul Vixie, 1996.
|
||||
* Paul Vixie, 1996.
|
||||
*/
|
||||
static int
|
||||
inet_pton4(
|
||||
const char *src,
|
||||
u_char *dst
|
||||
)
|
||||
inet_pton4 (
|
||||
const char *src,
|
||||
u_char *dst
|
||||
)
|
||||
{
|
||||
static const char digits[] = "0123456789";
|
||||
int saw_digit, octets, ch;
|
||||
u_char tmp[NS_INADDRSZ], *tp;
|
||||
static const char digits[] = "0123456789";
|
||||
int saw_digit, octets, ch;
|
||||
u_char tmp[NS_INADDRSZ], *tp;
|
||||
|
||||
saw_digit = 0;
|
||||
octets = 0;
|
||||
*(tp = tmp) = 0;
|
||||
while ((ch = *src++) != '\0') {
|
||||
const char *pch;
|
||||
saw_digit = 0;
|
||||
octets = 0;
|
||||
*(tp = tmp) = 0;
|
||||
while ((ch = *src++) != '\0') {
|
||||
const char *pch;
|
||||
|
||||
if ((pch = strchr(digits, ch)) != NULL) {
|
||||
u_int new = *tp * 10 + (u_int)(pch - digits);
|
||||
if ((pch = strchr (digits, ch)) != NULL) {
|
||||
u_int new = *tp * 10 + (u_int)(pch - digits);
|
||||
|
||||
if (new > 255)
|
||||
return (0);
|
||||
*tp = (u_char)new;
|
||||
if (! saw_digit) {
|
||||
if (++octets > 4)
|
||||
return (0);
|
||||
saw_digit = 1;
|
||||
}
|
||||
} else if (ch == '.' && saw_digit) {
|
||||
if (octets == 4)
|
||||
return (0);
|
||||
*++tp = 0;
|
||||
saw_digit = 0;
|
||||
} else
|
||||
return (0);
|
||||
}
|
||||
if (octets < 4)
|
||||
return (0);
|
||||
if (new > 255) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
memcpy(dst, tmp, NS_INADDRSZ);
|
||||
return (1);
|
||||
*tp = (u_char)new;
|
||||
if (!saw_digit) {
|
||||
if (++octets > 4) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
saw_digit = 1;
|
||||
}
|
||||
} else if ((ch == '.') && saw_digit) {
|
||||
if (octets == 4) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
*++tp = 0;
|
||||
saw_digit = 0;
|
||||
} else {
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
|
||||
if (octets < 4) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
memcpy (dst, tmp, NS_INADDRSZ);
|
||||
return (1);
|
||||
}
|
||||
|
||||
/* int
|
||||
* inet_pton6(src, dst)
|
||||
* convert presentation level address to network order binary form.
|
||||
* convert presentation level address to network order binary form.
|
||||
* return:
|
||||
* 1 if `src' is a valid [RFC1884 2.2] address, else 0.
|
||||
* 1 if `src' is a valid [RFC1884 2.2] address, else 0.
|
||||
* notice:
|
||||
* (1) does not touch `dst' unless it's returning 1.
|
||||
* (2) :: in a full address is silently ignored.
|
||||
* (1) does not touch `dst' unless it's returning 1.
|
||||
* (2) :: in a full address is silently ignored.
|
||||
* credit:
|
||||
* inspired by Mark Andrews.
|
||||
* inspired by Mark Andrews.
|
||||
* author:
|
||||
* Paul Vixie, 1996.
|
||||
* Paul Vixie, 1996.
|
||||
*/
|
||||
static int
|
||||
inet_pton6(
|
||||
const char *src,
|
||||
u_char *dst
|
||||
)
|
||||
inet_pton6 (
|
||||
const char *src,
|
||||
u_char *dst
|
||||
)
|
||||
{
|
||||
static const char xdigits_l[] = "0123456789abcdef",
|
||||
xdigits_u[] = "0123456789ABCDEF";
|
||||
u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
|
||||
const char *xdigits, *curtok;
|
||||
int ch, saw_xdigit;
|
||||
u_int val;
|
||||
static const char xdigits_l[] = "0123456789abcdef",
|
||||
xdigits_u[] = "0123456789ABCDEF";
|
||||
u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
|
||||
const char *xdigits, *curtok;
|
||||
int ch, saw_xdigit;
|
||||
u_int val;
|
||||
|
||||
memset((tp = tmp), '\0', NS_IN6ADDRSZ);
|
||||
endp = tp + NS_IN6ADDRSZ;
|
||||
colonp = NULL;
|
||||
/* Leading :: requires some special handling. */
|
||||
if (*src == ':')
|
||||
if (*++src != ':')
|
||||
return (0);
|
||||
curtok = src;
|
||||
saw_xdigit = 0;
|
||||
val = 0;
|
||||
while ((ch = *src++) != '\0') {
|
||||
const char *pch;
|
||||
memset ((tp = tmp), '\0', NS_IN6ADDRSZ);
|
||||
endp = tp + NS_IN6ADDRSZ;
|
||||
colonp = NULL;
|
||||
/* Leading :: requires some special handling. */
|
||||
if (*src == ':') {
|
||||
if (*++src != ':') {
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
|
||||
if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
|
||||
pch = strchr((xdigits = xdigits_u), ch);
|
||||
if (pch != NULL) {
|
||||
val <<= 4;
|
||||
val |= (pch - xdigits);
|
||||
if (val > 0xffff)
|
||||
return (0);
|
||||
saw_xdigit = 1;
|
||||
continue;
|
||||
}
|
||||
if (ch == ':') {
|
||||
curtok = src;
|
||||
if (!saw_xdigit) {
|
||||
if (colonp)
|
||||
return (0);
|
||||
colonp = tp;
|
||||
continue;
|
||||
}
|
||||
if (tp + NS_INT16SZ > endp)
|
||||
return (0);
|
||||
*tp++ = (u_char) (val >> 8) & 0xff;
|
||||
*tp++ = (u_char) val & 0xff;
|
||||
saw_xdigit = 0;
|
||||
val = 0;
|
||||
continue;
|
||||
}
|
||||
if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
|
||||
inet_pton4(curtok, tp) > 0) {
|
||||
tp += NS_INADDRSZ;
|
||||
saw_xdigit = 0;
|
||||
break; /* '\0' was seen by inet_pton4(). */
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
if (saw_xdigit) {
|
||||
if (tp + NS_INT16SZ > endp)
|
||||
return (0);
|
||||
*tp++ = (u_char) (val >> 8) & 0xff;
|
||||
*tp++ = (u_char) val & 0xff;
|
||||
}
|
||||
if (colonp != NULL) {
|
||||
/*
|
||||
* Since some memmove()'s erroneously fail to handle
|
||||
* overlapping regions, we'll do the shift by hand.
|
||||
*/
|
||||
const int n = (int)(tp - colonp);
|
||||
int i;
|
||||
curtok = src;
|
||||
saw_xdigit = 0;
|
||||
val = 0;
|
||||
while ((ch = *src++) != '\0') {
|
||||
const char *pch;
|
||||
|
||||
for (i = 1; i <= n; i++) {
|
||||
endp[- i] = colonp[n - i];
|
||||
colonp[n - i] = 0;
|
||||
}
|
||||
tp = endp;
|
||||
}
|
||||
if (tp != endp)
|
||||
return (0);
|
||||
memcpy(dst, tmp, NS_IN6ADDRSZ);
|
||||
return (1);
|
||||
if ((pch = strchr ((xdigits = xdigits_l), ch)) == NULL) {
|
||||
pch = strchr ((xdigits = xdigits_u), ch);
|
||||
}
|
||||
|
||||
if (pch != NULL) {
|
||||
val <<= 4;
|
||||
val |= (pch - xdigits);
|
||||
if (val > 0xffff) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
saw_xdigit = 1;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ch == ':') {
|
||||
curtok = src;
|
||||
if (!saw_xdigit) {
|
||||
if (colonp) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
colonp = tp;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (tp + NS_INT16SZ > endp) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
*tp++ = (u_char)(val >> 8) & 0xff;
|
||||
*tp++ = (u_char)val & 0xff;
|
||||
saw_xdigit = 0;
|
||||
val = 0;
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((ch == '.') && ((tp + NS_INADDRSZ) <= endp) &&
|
||||
(inet_pton4 (curtok, tp) > 0))
|
||||
{
|
||||
tp += NS_INADDRSZ;
|
||||
saw_xdigit = 0;
|
||||
break; /* '\0' was seen by inet_pton4(). */
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (saw_xdigit) {
|
||||
if (tp + NS_INT16SZ > endp) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
*tp++ = (u_char)(val >> 8) & 0xff;
|
||||
*tp++ = (u_char)val & 0xff;
|
||||
}
|
||||
|
||||
if (colonp != NULL) {
|
||||
/*
|
||||
* Since some memmove()'s erroneously fail to handle
|
||||
* overlapping regions, we'll do the shift by hand.
|
||||
*/
|
||||
const int n = (int)(tp - colonp);
|
||||
int i;
|
||||
|
||||
for (i = 1; i <= n; i++) {
|
||||
endp[-i] = colonp[n - i];
|
||||
colonp[n - i] = 0;
|
||||
}
|
||||
|
||||
tp = endp;
|
||||
}
|
||||
|
||||
if (tp != endp) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
memcpy (dst, tmp, NS_IN6ADDRSZ);
|
||||
return (1);
|
||||
}
|
||||
|
Reference in New Issue
Block a user