Fix several issues in BaseCryptLib:

1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
tye1
2012-08-02 02:49:24 +00:00
parent a08dcb2ab1
commit dda39f3a58
20 changed files with 276 additions and 81 deletions

View File

@@ -346,7 +346,6 @@ X509GetSubjectName (
return FALSE;
}
Status = FALSE;
X509Cert = NULL;
//
@@ -354,13 +353,20 @@ X509GetSubjectName (
//
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
Status = FALSE;
//
// Retrieve subject name from certificate object.
//
X509Name = X509_get_subject_name (X509Cert);
if (X509Name == NULL) {
goto _Exit;
}
if (*SubjectSize < (UINTN) X509Name->bytes->length) {
*SubjectSize = (UINTN) X509Name->bytes->length;
goto _Exit;
@@ -375,7 +381,9 @@ _Exit:
//
// Release Resources.
//
X509_free (X509Cert);
if (X509Cert != NULL) {
X509_free (X509Cert);
}
return Status;
}
@@ -415,7 +423,6 @@ RsaGetPublicKeyFromX509 (
return FALSE;
}
Status = FALSE;
Pkey = NULL;
X509Cert = NULL;
@@ -424,9 +431,12 @@ RsaGetPublicKeyFromX509 (
//
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
Status = FALSE;
//
// Retrieve and check EVP_PKEY data from X509 Certificate.
//
@@ -446,8 +456,13 @@ _Exit:
//
// Release Resources.
//
X509_free (X509Cert);
EVP_PKEY_free (Pkey);
if (X509Cert != NULL) {
X509_free (X509Cert);
}
if (Pkey != NULL) {
EVP_PKEY_free (Pkey);
}
return Status;
}
@@ -498,15 +513,22 @@ X509VerifyCert (
//
// Register & Initialize necessary digest algorithms for certificate verification.
//
EVP_add_digest (EVP_md5());
EVP_add_digest (EVP_sha1());
EVP_add_digest (EVP_sha256());
if (EVP_add_digest (EVP_md5 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha1 ()) == 0) {
goto _Exit;
}
if (EVP_add_digest (EVP_sha256 ()) == 0) {
goto _Exit;
}
//
// Read DER-encoded certificate to be verified and Construct X509 object.
//
Status = X509ConstructCertificate (Cert, CertSize, (UINT8 **) &X509Cert);
if ((X509Cert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
@@ -515,9 +537,12 @@ X509VerifyCert (
//
Status = X509ConstructCertificate (CACert, CACertSize, (UINT8 **) &X509CACert);
if ((X509CACert == NULL) || (!Status)) {
Status = FALSE;
goto _Exit;
}
Status = FALSE;
//
// Set up X509 Store for trusted certificate.
//
@@ -546,9 +571,17 @@ _Exit:
//
// Release Resources.
//
X509_free (X509Cert);
X509_free (X509CACert);
X509_STORE_free (CertStore);
if (X509Cert != NULL) {
X509_free (X509Cert);
}
if (X509CACert != NULL) {
X509_free (X509CACert);
}
if (CertStore != NULL) {
X509_STORE_free (CertStore);
}
return Status;
}