tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-23 13:44:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg: Remove deprecated function usage in X509GetCommonName()

Browse Source 
BZ#: https://bugzilla.tianocore.org/show_bug.cgi?id=923

X509_NAME_get_text_by_NID() used in X509GetCommonName() implementation
is one legacy function which have various limitations. The returned
data may be not usable  when the target cert contains multicharacter
string type like a BMPString or a UTF8String.
This patch replaced the legacy function usage with more general
X509_NAME_get_index_by_NID() / X509_NAME_get_entry() APIs for X509
CommonName retrieving.

Tests: Validated the commonName retrieving with test certificates
       containing PrintableString or BMPString data.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Long Qin <qin.long@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This commit is contained in:
Long Qin 2018-05-24 16:08:51 +08:00
parent 38c977c148
commit 0b6457efab
3 changed files with 47 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CryptoPkg/Include/Library/BaseCryptLib.h
View File

@ -4,7 +4,7 @@
primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security
functionality enabling. functionality enabling.
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -2177,7 +2177,7 @@ X509GetSubjectName (
@param[in] Cert Pointer to the DER-encoded X509 certificate. @param[in] Cert Pointer to the DER-encoded X509 certificate.
@param[in] CertSize Size of the X509 certificate in bytes. @param[in] CertSize Size of the X509 certificate in bytes.
@param[out] CommonName Buffer to contain the retrieved certificate common @param[out] CommonName Buffer to contain the retrieved certificate common
name string. At most CommonNameSize bytes will be name string (UTF8). At most CommonNameSize bytes will be
written and the string will be null terminated. May be written and the string will be null terminated. May be
NULL in order to determine the size buffer needed. NULL in order to determine the size buffer needed.
@param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,

53
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL. X.509 Certificate Handler Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -303,7 +303,7 @@ _Exit:
@param[in] Cert Pointer to the DER-encoded X509 certificate. @param[in] Cert Pointer to the DER-encoded X509 certificate.
@param[in] CertSize Size of the X509 certificate in bytes. @param[in] CertSize Size of the X509 certificate in bytes.
@param[out] CommonName Buffer to contain the retrieved certificate common @param[out] CommonName Buffer to contain the retrieved certificate common
name string. At most CommonNameSize bytes will be name string (UTF8). At most CommonNameSize bytes will be
written and the string will be null terminated. May be written and the string will be null terminated. May be
NULL in order to determine the size buffer needed. NULL in order to determine the size buffer needed.
@param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,
@ -332,13 +332,18 @@ X509GetCommonName (
IN OUT UINTN *CommonNameSize IN OUT UINTN *CommonNameSize
) )
{ {
RETURN_STATUS ReturnStatus; RETURN_STATUS ReturnStatus;
BOOLEAN Status; BOOLEAN Status;
X509 *X509Cert; X509 *X509Cert;
X509_NAME *X509Name; X509_NAME *X509Name;
INTN Length; INT32 Index;
INTN Length;
X509_NAME_ENTRY *Entry;
ASN1_STRING *EntryData;
UINT8 *UTF8Name;
ReturnStatus = RETURN_INVALID_PARAMETER; ReturnStatus = RETURN_INVALID_PARAMETER;
UTF8Name = NULL;
// //
// Check input parameters. // Check input parameters.
@ -378,8 +383,8 @@ X509GetCommonName (
// //
// Retrieve the CommonName information from X.509 Subject // Retrieve the CommonName information from X.509 Subject
// //
Length = (INTN) X509_NAME_get_text_by_NID (X509Name, NID_commonName, CommonName, (int)(*CommonNameSize)); Index = X509_NAME_get_index_by_NID (X509Name, NID_commonName, -1);
if (Length < 0) { if (Index < 0) {
// //
// No CommonName entry exists in X509_NAME object // No CommonName entry exists in X509_NAME object
// //
@ -388,10 +393,35 @@ X509GetCommonName (
goto _Exit; goto _Exit;
} }
*CommonNameSize = (UINTN)(Length + 1); Entry = X509_NAME_get_entry (X509Name, Index);
if (Entry == NULL) {
//
// Fail to retrieve name entry data
//
*CommonNameSize = 0;
ReturnStatus = RETURN_NOT_FOUND;
goto _Exit;
}
EntryData = X509_NAME_ENTRY_get_data (Entry);
Length = ASN1_STRING_to_UTF8 (&UTF8Name, EntryData);
if (Length < 0) {
//
// Fail to convert the commonName string
//
*CommonNameSize = 0;
ReturnStatus = RETURN_INVALID_PARAMETER;
goto _Exit;
}
if (CommonName == NULL) { if (CommonName == NULL) {
*CommonNameSize = Length + 1;
ReturnStatus = RETURN_BUFFER_TOO_SMALL; ReturnStatus = RETURN_BUFFER_TOO_SMALL;
} else { } else {
*CommonNameSize = MIN ((UINTN)Length, *CommonNameSize - 1) + 1;
CopyMem (CommonName, UTF8Name, *CommonNameSize - 1);
CommonName[*CommonNameSize - 1] = '\0';
ReturnStatus = RETURN_SUCCESS; ReturnStatus = RETURN_SUCCESS;
} }
@ -402,6 +432,9 @@ _Exit:
if (X509Cert != NULL) { if (X509Cert != NULL) {
X509_free (X509Cert); X509_free (X509Cert);
} }
if (UTF8Name != NULL) {
OPENSSL_free (UTF8Name);
}
return ReturnStatus; return ReturnStatus;
} }

4
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
View File

@ -2,7 +2,7 @@
X.509 Certificate Handler Wrapper Implementation which does not provide X.509 Certificate Handler Wrapper Implementation which does not provide
real capabilities. real capabilities.
Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -135,7 +135,7 @@ X509GetSubjectName (
@param[in] Cert Pointer to the DER-encoded X509 certificate. @param[in] Cert Pointer to the DER-encoded X509 certificate.
@param[in] CertSize Size of the X509 certificate in bytes. @param[in] CertSize Size of the X509 certificate in bytes.
@param[out] CommonName Buffer to contain the retrieved certificate common @param[out] CommonName Buffer to contain the retrieved certificate common
name string. At most CommonNameSize bytes will be name string (UTF8). At most CommonNameSize bytes will be
written and the string will be null terminated. May be written and the string will be null terminated. May be
NULL in order to determine the size buffer needed. NULL in order to determine the size buffer needed.
@param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input,