1. Fix build break issue for NOOPT target.

2. Fix potential system hang issue in X509_STORE_CTX_cleanup. 3. Fix potential overflow when convert UINTN to INT. 4. Update Pkcs7Sign() to output stripped PKCS#7 SignedData. 5. Update Pkcs7Verify() to support both wrapped/stripped PKCS#7 SignedData. Signed-off-by: tye Reviewed-by: xdu2 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12593 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 07:41:26 +00:00
parent 91c7aa5389
commit da9e7418da
5 changed files with 126 additions and 13 deletions
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -48,6 +48,10 @@ X509ConstructCertificate (
  ASSERT (Cert != NULL);
  ASSERT (SingleX509Cert != NULL);

+  if (CertSize > INT_MAX) {
+    return FALSE;
+  }
+
  Status = FALSE;

  //
@@ -439,6 +443,7 @@ X509VerifyCert (
  // X509 Certificate Verification.
  //
  Status = (BOOLEAN) X509_verify_cert (&CertCtx);
+  X509_STORE_CTX_cleanup (&CertCtx);

 _Exit:
  //
@@ -447,7 +452,6 @@ _Exit:
  X509_free (X509Cert);
  X509_free (X509CACert);
  X509_STORE_free (CertStore);
-  X509_STORE_CTX_cleanup (&CertCtx);

  return Status;
 }