CryptoPkg: Update PK Cipher Wrappers work with opaque objects.

OpenSSL-1.1.xx makes most data structures opaque.
This patch updates Public Key Cipher Wrapper implementations in
BaseCryptLib to use the accessor APIs for opaque object access.
The impacted interfaces include RSA, DH, X509, PKCS7, etc.

Cc: Ting Ye <ting.ye@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Ronald Cron <ronald.cron@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
Qin Long 2017-03-21 22:58:07 +08:00
parent 4c27024399
commit f56b11d2cd
7 changed files with 225 additions and 256 deletions


@ -1,7 +1,7 @@
/** @file /** @file
Diffie-Hellman Wrapper Implementation over OpenSSL. Diffie-Hellman Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -16,7 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/dh.h> #include <openssl/dh.h>
/** /**
Allocates and Initializes one Diffie-Hellman Context for subsequent use. Allocates and Initializes one Diffie-Hellman Context for subsequent use.
@ -88,6 +87,7 @@ DhGenerateParameter (
) )
{ {
BOOLEAN RetVal; BOOLEAN RetVal;
BIGNUM *BnP;
// //
// Check input parameters. // Check input parameters.
@ -105,7 +105,8 @@ DhGenerateParameter (
return FALSE; return FALSE;
} }
BN_bn2bin (((DH *) DhContext)->p, Prime); DH_get0_pqg (DhContext, (const BIGNUM **)&BnP, NULL, NULL);
BN_bn2bin (BnP, Prime);
return TRUE; return TRUE;
} }
@ -141,7 +142,8 @@ DhSetParameter (
) )
{ {
DH *Dh; DH *Dh;
BIGNUM *Bn; BIGNUM *BnP;
BIGNUM *BnG;
// //
// Check input parameters. // Check input parameters.
@ -154,44 +156,21 @@ DhSetParameter (
return FALSE; return FALSE;
} }
Bn = NULL; //
// Set the generator and prime parameters for DH object.
Dh = (DH *) DhContext; //
Dh->g = NULL; Dh = (DH *)DhContext;
Dh->p = BN_new (); BnP = BN_bin2bn ((const unsigned char *)Prime, (int)(PrimeLength / 8), NULL);
if (Dh->p == NULL) { BnG = BN_bin2bn ((const unsigned char *)&Generator, 1, NULL);
goto Error; if ((BnP == NULL) || (BnG == NULL) || !DH_set0_pqg (Dh, BnP, NULL, BnG)) {
}
Dh->g = BN_new ();
if (Dh->g == NULL) {
goto Error;
}
Bn = BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
if (Bn == NULL) {
goto Error;
}
if (BN_set_word (Dh->g, (UINT32) Generator) == 0) {
goto Error; goto Error;
} }
return TRUE; return TRUE;
Error: Error:
BN_free (BnP);
if (Dh->p != NULL) { BN_free (BnG);
BN_free (Dh->p);
}
if (Dh->g != NULL) {
BN_free (Dh->g);
}
if (Bn != NULL) {
BN_free (Bn);
}
return FALSE; return FALSE;
} }
@ -228,6 +207,7 @@ DhGenerateKey (
{ {
BOOLEAN RetVal; BOOLEAN RetVal;
DH *Dh; DH *Dh;
BIGNUM *DhPubKey;
INTN Size; INTN Size;
// //
@ -245,17 +225,14 @@ DhGenerateKey (
RetVal = (BOOLEAN) DH_generate_key (DhContext); RetVal = (BOOLEAN) DH_generate_key (DhContext);
if (RetVal) { if (RetVal) {
Size = BN_num_bytes (Dh->pub_key); DH_get0_key (Dh, (const BIGNUM **)&DhPubKey, NULL);
if (Size <= 0) { Size = BN_num_bytes (DhPubKey);
*PublicKeySize = 0; if ((Size > 0) && (*PublicKeySize < (UINTN) Size)) {
return FALSE;
}
if (*PublicKeySize < (UINTN) Size) {
*PublicKeySize = Size; *PublicKeySize = Size;
return FALSE; return FALSE;
} }
BN_bn2bin (Dh->pub_key, PublicKey); BN_bn2bin (DhPubKey, PublicKey);
*PublicKeySize = Size; *PublicKeySize = Size;
} }
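Review bot: In DhSetParameter the generator is now built with `BN_bin2bn ((const unsigned char *)&Generator, 1, NULL)`, which takes only the first byte of Generator as it lies in memory, so the result depends on byte order and silently drops any value above 255, whereas the removed line used BN_set_word on the whole value. Unless a range check outside the hunk already restricts Generator to small values, build it numerically instead: `BnG = BN_new ();` followed by `if ((BnG == NULL) || (BN_set_word (BnG, (BN_ULONG) Generator) == 0)) { goto Error; }`. Separately, DhGenerateKey no longer returns FALSE when `Size <= 0`, so an empty public key would now be reported as success with `*PublicKeySize` set to 0. Both function bodies start outside the visible hunks.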


@ -1,7 +1,7 @@
/** @file /** @file
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -18,7 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/pkcs7.h> #include <openssl/pkcs7.h>
/** /**
Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
Syntax Standard, version 1.5". This interface is only intended to be used for Syntax Standard, version 1.5". This interface is only intended to be used for
@ -184,13 +183,6 @@ _Exit:
// //
// Release Resources // Release Resources
// //
if (RsaContext != NULL) {
RsaFree (RsaContext);
if (Key != NULL) {
Key->pkey.rsa = NULL;
}
}
if (Key != NULL) { if (Key != NULL) {
EVP_PKEY_free (Key); EVP_PKEY_free (Key);
} }


@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure. Variable and will do basic check for data structure.
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -163,6 +163,7 @@ X509PopCertificate (
STACK_OF(X509) *CertStack; STACK_OF(X509) *CertStack;
BOOLEAN Status; BOOLEAN Status;
INT32 Result; INT32 Result;
BUF_MEM *Ptr;
INT32 Length; INT32 Length;
VOID *Buffer; VOID *Buffer;
@ -192,7 +193,8 @@ X509PopCertificate (
goto _Exit; goto _Exit;
} }
Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length); BIO_get_mem_ptr (CertBio, &Ptr);
Length = (INT32)(Ptr->length);
if (Length <= 0) { if (Length <= 0) {
goto _Exit; goto _Exit;
} }
@ -463,12 +465,15 @@ Pkcs7GetCertificatesList (
BOOLEAN Wrapped; BOOLEAN Wrapped;
UINT8 Index; UINT8 Index;
PKCS7 *Pkcs7; PKCS7 *Pkcs7;
X509_STORE_CTX CertCtx; X509_STORE_CTX *CertCtx;
STACK_OF(X509) *CtxChain;
STACK_OF(X509) *CtxUntrusted;
X509 *CtxCert;
STACK_OF(X509) *Signers; STACK_OF(X509) *Signers;
X509 *Signer; X509 *Signer;
X509 *Cert; X509 *Cert;
X509 *TempCert;
X509 *Issuer; X509 *Issuer;
X509_NAME *IssuerName;
UINT8 *CertBuf; UINT8 *CertBuf;
UINT8 *OldBuf; UINT8 *OldBuf;
UINTN BufferSize; UINTN BufferSize;
@ -482,8 +487,11 @@ Pkcs7GetCertificatesList (
Status = FALSE; Status = FALSE;
NewP7Data = NULL; NewP7Data = NULL;
Pkcs7 = NULL; Pkcs7 = NULL;
CertCtx = NULL;
CtxChain = NULL;
CtxCert = NULL;
CtxUntrusted = NULL;
Cert = NULL; Cert = NULL;
TempCert = NULL;
SingleCert = NULL; SingleCert = NULL;
CertBuf = NULL; CertBuf = NULL;
OldBuf = NULL; OldBuf = NULL;
@ -531,19 +539,26 @@ Pkcs7GetCertificatesList (
} }
Signer = sk_X509_value (Signers, 0); Signer = sk_X509_value (Signers, 0);
if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) { CertCtx = X509_STORE_CTX_new ();
if (CertCtx == NULL) {
goto _Error;
}
if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) {
goto _Error; goto _Error;
} }
// //
// Initialize Chained & Untrusted stack // Initialize Chained & Untrusted stack
// //
if (CertCtx.chain == NULL) { CtxChain = X509_STORE_CTX_get0_chain (CertCtx);
if (((CertCtx.chain = sk_X509_new_null ()) == NULL) || CtxCert = X509_STORE_CTX_get0_cert (CertCtx);
(!sk_X509_push (CertCtx.chain, CertCtx.cert))) { if (CtxChain == NULL) {
if (((CtxChain = sk_X509_new_null ()) == NULL) ||
(!sk_X509_push (CtxChain, CtxCert))) {
goto _Error; goto _Error;
} }
} }
(VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer); CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
(VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
// //
// Build certificates stack chained from Signer's certificate. // Build certificates stack chained from Signer's certificate.
@ -553,27 +568,25 @@ Pkcs7GetCertificatesList (
// //
// Self-Issue checking // Self-Issue checking
// //
if (CertCtx.check_issued (&CertCtx, Cert, Cert)) { Issuer = NULL;
break; if (X509_STORE_CTX_get1_issuer (&Issuer, CertCtx, Cert) == 1) {
if (X509_cmp (Issuer, Cert) == 0) {
break;
}
} }
// //
// Found the issuer of the current certificate // Found the issuer of the current certificate
// //
if (CertCtx.untrusted != NULL) { if (CtxUntrusted != NULL) {
Issuer = NULL; Issuer = NULL;
for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) { IssuerName = X509_get_issuer_name (Cert);
TempCert = sk_X509_value (CertCtx.untrusted, Index); Issuer = X509_find_by_subject (CtxUntrusted, IssuerName);
if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) {
Issuer = TempCert;
break;
}
}
if (Issuer != NULL) { if (Issuer != NULL) {
if (!sk_X509_push (CertCtx.chain, Issuer)) { if (!sk_X509_push (CtxChain, Issuer)) {
goto _Error; goto _Error;
} }
(VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer); (VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer);
Cert = Issuer; Cert = Issuer;
continue; continue;
@ -595,13 +608,13 @@ Pkcs7GetCertificatesList (
// UINT8 Certn[]; // UINT8 Certn[];
// //
if (CertCtx.chain != NULL) { if (CtxChain != NULL) {
BufferSize = sizeof (UINT8); BufferSize = sizeof (UINT8);
OldSize = BufferSize; OldSize = BufferSize;
CertBuf = NULL; CertBuf = NULL;
for (Index = 0; ; Index++) { for (Index = 0; ; Index++) {
Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize); Status = X509PopCertificate (CtxChain, &SingleCert, &CertSize);
if (!Status) { if (!Status) {
break; break;
} }
@ -639,13 +652,13 @@ Pkcs7GetCertificatesList (
} }
} }
if (CertCtx.untrusted != NULL) { if (CtxUntrusted != NULL) {
BufferSize = sizeof (UINT8); BufferSize = sizeof (UINT8);
OldSize = BufferSize; OldSize = BufferSize;
CertBuf = NULL; CertBuf = NULL;
for (Index = 0; ; Index++) { for (Index = 0; ; Index++) {
Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize); Status = X509PopCertificate (CtxUntrusted, &SingleCert, &CertSize);
if (!Status) { if (!Status) {
break; break;
} }
@ -698,7 +711,8 @@ _Error:
} }
sk_X509_free (Signers); sk_X509_free (Signers);
X509_STORE_CTX_cleanup (&CertCtx); X509_STORE_CTX_cleanup (CertCtx);
X509_STORE_CTX_free (CertCtx);
if (SingleCert != NULL) { if (SingleCert != NULL) {
free (SingleCert); free (SingleCert);
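Review bot: The issuer search in Pkcs7GetCertificatesList now uses `X509_find_by_subject (CtxUntrusted, IssuerName)`, which takes the first certificate whose subject name matches and checks nothing else, while the removed `check_issued` callback tested each candidate as an issuer of Cert. A PKCS#7 blob carrying an unrelated certificate with the same subject name could therefore end up in the signer chain returned to the caller. Keeping the per-candidate loop with `X509_check_issued (TempCert, Cert) == X509_V_OK` preserves the old test without touching opaque fields; it needs the `TempCert` local that this commit removes. Also, `X509_STORE_CTX_get1_issuer` hands back a new reference that is never released with `X509_free`, and a stack created by `sk_X509_new_null ()` for CtxChain is no longer owned by CertCtx, so as far as the hunks show neither is freed at `_Error`. The loop and the function body start and end outside the hunks.

```c
    if (CtxUntrusted != NULL) {
      Issuer = NULL;
      for (Index = 0; Index < sk_X509_num (CtxUntrusted); Index++) {
        TempCert = sk_X509_value (CtxUntrusted, Index);
        //
        // Accept a candidate only if it passes the issuer test, not on name match alone.
        //
        if (X509_check_issued (TempCert, Cert) == X509_V_OK) {
          Issuer = TempCert;
          break;
        }
      }
      // ... unchanged: push Issuer onto CtxChain, delete it from CtxUntrusted, continue ...
```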


@ -7,7 +7,7 @@
3) RsaSetKey 3) RsaSetKey
4) RsaPkcs1Verify 4) RsaPkcs1Verify
Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -92,7 +92,15 @@ RsaSetKey (
IN UINTN BnSize IN UINTN BnSize
) )
{ {
RSA *RsaKey; RSA *RsaKey;
BIGNUM *BnN;
BIGNUM *BnE;
BIGNUM *BnD;
BIGNUM *BnP;
BIGNUM *BnQ;
BIGNUM *BnDp;
BIGNUM *BnDq;
BIGNUM *BnQInv;
// //
// Check input parameters. // Check input parameters.
@ -101,7 +109,23 @@ RsaSetKey (
return FALSE; return FALSE;
} }
BnN = NULL;
BnE = NULL;
BnD = NULL;
BnP = NULL;
BnQ = NULL;
BnDp = NULL;
BnDq = NULL;
BnQInv = NULL;
//
// Retrieve the components from RSA object.
//
RsaKey = (RSA *) RsaContext; RsaKey = (RSA *) RsaContext;
RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);
RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);
RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);
// //
// Set RSA Key Components by converting octet string to OpenSSL BN representation. // Set RSA Key Components by converting octet string to OpenSSL BN representation.
// NOTE: For RSA public key (used in signature verification), only public components // NOTE: For RSA public key (used in signature verification), only public components
@ -110,144 +134,109 @@ RsaSetKey (
switch (KeyTag) { switch (KeyTag) {
// //
// RSA Public Modulus (N) // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
// //
case RsaKeyN: case RsaKeyN:
if (RsaKey->n != NULL) {
BN_free (RsaKey->n);
}
RsaKey->n = NULL;
if (BigNumber == NULL) {
break;
}
RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
if (RsaKey->n == NULL) {
return FALSE;
}
break;
//
// RSA Public Exponent (e)
//
case RsaKeyE: case RsaKeyE:
if (RsaKey->e != NULL) {
BN_free (RsaKey->e);
}
RsaKey->e = NULL;
if (BigNumber == NULL) {
break;
}
RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
if (RsaKey->e == NULL) {
return FALSE;
}
break;
//
// RSA Private Exponent (d)
//
case RsaKeyD: case RsaKeyD:
if (RsaKey->d != NULL) { if (BnN == NULL) {
BN_free (RsaKey->d); BnN = BN_new ();
} }
RsaKey->d = NULL; if (BnE == NULL) {
if (BigNumber == NULL) { BnE = BN_new ();
}
if (BnD == NULL) {
BnD = BN_new ();
}
if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {
return FALSE;
}
switch (KeyTag) {
case RsaKeyN:
BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);
break; break;
case RsaKeyE:
BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);
break;
case RsaKeyD:
BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);
break;
default:
return FALSE;
} }
RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d); if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) {
if (RsaKey->d == NULL) {
return FALSE; return FALSE;
} }
break; break;
// //
// RSA Secret Prime Factor of Modulus (p) // RSA Secret Prime Factor of Modulus (p and q)
// //
case RsaKeyP: case RsaKeyP:
if (RsaKey->p != NULL) {
BN_free (RsaKey->p);
}
RsaKey->p = NULL;
if (BigNumber == NULL) {
break;
}
RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
if (RsaKey->p == NULL) {
return FALSE;
}
break;
//
// RSA Secret Prime Factor of Modules (q)
//
case RsaKeyQ: case RsaKeyQ:
if (RsaKey->q != NULL) { if (BnP == NULL) {
BN_free (RsaKey->q); BnP = BN_new ();
} }
RsaKey->q = NULL; if (BnQ == NULL) {
if (BigNumber == NULL) { BnQ = BN_new ();
}
if ((BnP == NULL) || (BnQ == NULL)) {
return FALSE;
}
switch (KeyTag) {
case RsaKeyP:
BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);
break; break;
case RsaKeyQ:
BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);
break;
default:
return FALSE;
} }
RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q); if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) {
if (RsaKey->q == NULL) {
return FALSE; return FALSE;
} }
break; break;
// //
// p's CRT Exponent (== d mod (p - 1)) // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),
// and CRT Coefficient (== 1/q mod p)
// //
case RsaKeyDp: case RsaKeyDp:
if (RsaKey->dmp1 != NULL) {
BN_free (RsaKey->dmp1);
}
RsaKey->dmp1 = NULL;
if (BigNumber == NULL) {
break;
}
RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
if (RsaKey->dmp1 == NULL) {
return FALSE;
}
break;
//
// q's CRT Exponent (== d mod (q - 1))
//
case RsaKeyDq: case RsaKeyDq:
if (RsaKey->dmq1 != NULL) { case RsaKeyQInv:
BN_free (RsaKey->dmq1); if (BnDp == NULL) {
BnDp = BN_new ();
} }
RsaKey->dmq1 = NULL; if (BnDq == NULL) {
if (BigNumber == NULL) { BnDq = BN_new ();
break;
} }
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1); if (BnQInv == NULL) {
if (RsaKey->dmq1 == NULL) { BnQInv = BN_new ();
}
if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
return FALSE; return FALSE;
} }
break; switch (KeyTag) {
case RsaKeyDp:
// BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);
// The CRT Coefficient (== 1/q mod p)
//
case RsaKeyQInv:
if (RsaKey->iqmp != NULL) {
BN_free (RsaKey->iqmp);
}
RsaKey->iqmp = NULL;
if (BigNumber == NULL) {
break; break;
case RsaKeyDq:
BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);
break;
case RsaKeyQInv:
BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);
break;
default:
return FALSE;
} }
RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp); if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) {
if (RsaKey->iqmp == NULL) {
return FALSE; return FALSE;
} }


@ -7,7 +7,7 @@
3) RsaCheckKey 3) RsaCheckKey
4) RsaPkcs1Sign 4) RsaPkcs1Sign
Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -74,6 +74,7 @@ RsaGetKey (
RsaKey = (RSA *) RsaContext; RsaKey = (RSA *) RsaContext;
Size = *BnSize; Size = *BnSize;
*BnSize = 0; *BnSize = 0;
BnKey = NULL;
switch (KeyTag) { switch (KeyTag) {
@ -81,86 +82,66 @@ RsaGetKey (
// RSA Public Modulus (N) // RSA Public Modulus (N)
// //
case RsaKeyN: case RsaKeyN:
if (RsaKey->n == NULL) { RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
return TRUE;
}
BnKey = RsaKey->n;
break; break;
// //
// RSA Public Exponent (e) // RSA Public Exponent (e)
// //
case RsaKeyE: case RsaKeyE:
if (RsaKey->e == NULL) { RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
return TRUE;
}
BnKey = RsaKey->e;
break; break;
// //
// RSA Private Exponent (d) // RSA Private Exponent (d)
// //
case RsaKeyD: case RsaKeyD:
if (RsaKey->d == NULL) { RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
return TRUE;
}
BnKey = RsaKey->d;
break; break;
// //
// RSA Secret Prime Factor of Modulus (p) // RSA Secret Prime Factor of Modulus (p)
// //
case RsaKeyP: case RsaKeyP:
if (RsaKey->p == NULL) { RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
return TRUE;
}
BnKey = RsaKey->p;
break; break;
// //
// RSA Secret Prime Factor of Modules (q) // RSA Secret Prime Factor of Modules (q)
// //
case RsaKeyQ: case RsaKeyQ:
if (RsaKey->q == NULL) { RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
return TRUE;
}
BnKey = RsaKey->q;
break; break;
// //
// p's CRT Exponent (== d mod (p - 1)) // p's CRT Exponent (== d mod (p - 1))
// //
case RsaKeyDp: case RsaKeyDp:
if (RsaKey->dmp1 == NULL) { RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
return TRUE;
}
BnKey = RsaKey->dmp1;
break; break;
// //
// q's CRT Exponent (== d mod (q - 1)) // q's CRT Exponent (== d mod (q - 1))
// //
case RsaKeyDq: case RsaKeyDq:
if (RsaKey->dmq1 == NULL) { RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
return TRUE;
}
BnKey = RsaKey->dmq1;
break; break;
// //
// The CRT Coefficient (== 1/q mod p) // The CRT Coefficient (== 1/q mod p)
// //
case RsaKeyQInv: case RsaKeyQInv:
if (RsaKey->iqmp == NULL) { RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
return TRUE;
}
BnKey = RsaKey->iqmp;
break; break;
default: default:
return FALSE; return FALSE;
} }
if (BnKey == NULL) {
return FALSE;
}
*BnSize = Size; *BnSize = Size;
Size = BN_num_bytes (BnKey); Size = BN_num_bytes (BnKey);
@ -170,7 +151,8 @@ RsaGetKey (
} }
if (BigNumber == NULL) { if (BigNumber == NULL) {
return FALSE; *BnSize = Size;
return TRUE;
} }
*BnSize = BN_bn2bin (BnKey, BigNumber) ; *BnSize = BN_bn2bin (BnKey, BigNumber) ;
@ -337,7 +319,7 @@ RsaPkcs1Sign (
} }
Rsa = (RSA *) RsaContext; Rsa = (RSA *) RsaContext;
Size = BN_num_bytes (Rsa->n); Size = RSA_size (Rsa);
if (*SigSize < Size) { if (*SigSize < Size) {
*SigSize = Size; *SigSize = Size;
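Review bot: RsaGetKey's return contract changes in two places without a visible update to its header comment: an unset component now ends in `return FALSE` with `*BnSize` left at 0 (the removed code returned TRUE), and a NULL `BigNumber` that reaches the final check now returns TRUE with the required size in `*BnSize` instead of FALSE. Callers that probe for the size or treat FALSE as a hard error will behave differently, so the function comment, which is outside the hunk, should state both cases, for example `If BigNumber is NULL, *BnSize receives the required size and TRUE is returned.` and `If the requested key component is not set, FALSE is returned and *BnSize is 0.`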


@ -5,7 +5,7 @@
the lifetime of the signature when a signing certificate expires or is later the lifetime of the signature when a signing certificate expires or is later
revoked. revoked.
Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -239,7 +239,7 @@ CheckTSTInfo (
TS_MESSAGE_IMPRINT *Imprint; TS_MESSAGE_IMPRINT *Imprint;
X509_ALGOR *HashAlgo; X509_ALGOR *HashAlgo;
CONST EVP_MD *Md; CONST EVP_MD *Md;
EVP_MD_CTX MdCtx; EVP_MD_CTX *MdCtx;
UINTN MdSize; UINTN MdSize;
UINT8 *HashedMsg; UINT8 *HashedMsg;
@ -249,6 +249,7 @@ CheckTSTInfo (
Status = FALSE; Status = FALSE;
HashAlgo = NULL; HashAlgo = NULL;
HashedMsg = NULL; HashedMsg = NULL;
MdCtx = NULL;
// //
// -- Check version number of Timestamp: // -- Check version number of Timestamp:
@ -285,11 +286,17 @@ CheckTSTInfo (
if (HashedMsg == NULL) { if (HashedMsg == NULL) {
goto _Exit; goto _Exit;
} }
EVP_DigestInit (&MdCtx, Md); MdCtx = EVP_MD_CTX_new ();
EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize); if (MdCtx == NULL) {
EVP_DigestFinal (&MdCtx, HashedMsg, NULL); goto _Exit;
}
if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) ||
(EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) ||
(EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) {
goto _Exit;
}
if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) && if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) &&
(CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) { (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {
goto _Exit; goto _Exit;
} }
@ -315,6 +322,7 @@ CheckTSTInfo (
_Exit: _Exit:
X509_ALGOR_free (HashAlgo); X509_ALGOR_free (HashAlgo);
EVP_MD_CTX_free (MdCtx);
if (HashedMsg != NULL) { if (HashedMsg != NULL) {
FreePool (HashedMsg); FreePool (HashedMsg);
} }
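Review bot: The imprint comparison in CheckTSTInfo only fails when the lengths are equal and the bytes differ, so a HashedMessage whose length is not MdSize skips `CompareMem` entirely and is accepted. The commit changes only the accessor on that line; the condition should reject on either mismatch: `if ((MdSize != (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) || (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) {`. The rest of the function is outside the hunks, so an earlier length check there, if one exists, would change this assessment.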


@ -1,7 +1,7 @@
/** @file /** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL. X.509 Certificate Handler Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -350,14 +350,14 @@ RsaGetPublicKeyFromX509 (
// Retrieve and check EVP_PKEY data from X509 Certificate. // Retrieve and check EVP_PKEY data from X509 Certificate.
// //
Pkey = X509_get_pubkey (X509Cert); Pkey = X509_get_pubkey (X509Cert);
if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) { if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_RSA)) {
goto _Exit; goto _Exit;
} }
// //
// Duplicate RSA Context from the retrieved EVP_PKEY. // Duplicate RSA Context from the retrieved EVP_PKEY.
// //
if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) { if ((*RsaContext = RSAPublicKey_dup (EVP_PKEY_get0_RSA (Pkey))) != NULL) {
Status = TRUE; Status = TRUE;
} }
@ -405,7 +405,7 @@ X509VerifyCert (
X509 *X509Cert; X509 *X509Cert;
X509 *X509CACert; X509 *X509CACert;
X509_STORE *CertStore; X509_STORE *CertStore;
X509_STORE_CTX CertCtx; X509_STORE_CTX *CertCtx;
// //
// Check input parameters. // Check input parameters.
@ -418,6 +418,7 @@ X509VerifyCert (
X509Cert = NULL; X509Cert = NULL;
X509CACert = NULL; X509CACert = NULL;
CertStore = NULL; CertStore = NULL;
CertCtx = NULL;
// //
// Register & Initialize necessary digest algorithms for certificate verification. // Register & Initialize necessary digest algorithms for certificate verification.
@ -473,15 +474,19 @@ X509VerifyCert (
// //
// Set up X509_STORE_CTX for the subsequent verification operation. // Set up X509_STORE_CTX for the subsequent verification operation.
// //
if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) { CertCtx = X509_STORE_CTX_new ();
if (CertCtx == NULL) {
goto _Exit;
}
if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) {
goto _Exit; goto _Exit;
} }
// //
// X509 Certificate Verification. // X509 Certificate Verification.
// //
Status = (BOOLEAN) X509_verify_cert (&CertCtx); Status = (BOOLEAN) X509_verify_cert (CertCtx);
X509_STORE_CTX_cleanup (&CertCtx); X509_STORE_CTX_cleanup (CertCtx);
_Exit: _Exit:
// //
@ -499,6 +504,8 @@ _Exit:
X509_STORE_free (CertStore); X509_STORE_free (CertStore);
} }
X509_STORE_CTX_free (CertCtx);
return Status; return Status;
} }
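Review bot: `Status = (BOOLEAN) X509_verify_cert (CertCtx);` in X509VerifyCert turns any non-zero return into a true Status, and X509_verify_cert is documented to return a negative value in exceptional error cases, which would then be reported as a successful verification. Compare against the success value instead: `Status = (BOOLEAN) (X509_verify_cert (CertCtx) == 1);`. The explicit `X509_STORE_CTX_cleanup (CertCtx);` after the verify call is also redundant now that `X509_STORE_CTX_free (CertCtx)` runs at `_Exit`.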