CryptoPkg: Wrapper files updates to support openssl-1.0.2c

This patch updates some support header and wrapper files to support
the openssl-1.0.2c build, and corrects some OpenSSL API usages and
boundary checks.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17635 6f19259b-4bc3-4df7-8a09-765794883524
Qin Long 2015-06-16 00:54:16 +00:00 committed by qlong
parent 73c54a5823
commit 1463ce18ca
7 changed files with 59 additions and 22 deletions


@ -1,7 +1,7 @@
/** @file /** @file
Root include file to support building OpenSSL Crypto Library. Root include file to support building OpenSSL Crypto Library.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -109,6 +109,11 @@ struct tm {
char *tm_zone; /* timezone abbreviation */ char *tm_zone; /* timezone abbreviation */
}; };
struct timeval {
long tv_sec; /* time value, in seconds */
long tv_usec; /* time value, in microseconds */
} timeval;
struct dirent { struct dirent {
UINT32 d_fileno; /* file number of entry */ UINT32 d_fileno; /* file number of entry */
UINT16 d_reclen; /* length of this record */ UINT16 d_reclen; /* length of this record */
@ -240,5 +245,6 @@ extern FILE *stdout;
#define assert(expression) #define assert(expression)
#define localtime(timer) NULL #define localtime(timer) NULL
#define gmtime_r(timer,result) (result = NULL) #define gmtime_r(timer,result) (result = NULL)
#define atoi(nptr) AsciiStrDecimalToUintn(nptr)
#endif #endif
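Review bot: The added `#define atoi(nptr) AsciiStrDecimalToUintn(nptr)` does not keep atoi()'s contract: the replacement returns an unsigned UINTN and stops at a leading `-` instead of parsing it, so a negative or very large numeric string yields a different value than OpenSSL code written against the C library would expect. Which OpenSSL call sites use atoi() is not visible on this page, so whether any of them parses externally supplied text needs checking. At minimum the define should carry a comment such as `// atoi() is mapped to an unsigned parser: no sign handling, result is UINTN`, and the expansion should make the narrowing explicit with `((int) AsciiStrDecimalToUintn (nptr))`.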


@ -0,0 +1,16 @@
/** @file
Include file to support building OpenSSL Crypto Library.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <OpenSslSupport.h>


@ -9,7 +9,7 @@
AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
data structure. data structure.
Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -72,6 +72,7 @@ AuthenticodeVerify (
{ {
BOOLEAN Status; BOOLEAN Status;
PKCS7 *Pkcs7; PKCS7 *Pkcs7;
CONST UINT8 *Temp;
CONST UINT8 *OrigAuthData; CONST UINT8 *OrigAuthData;
UINT8 *SpcIndirectDataContent; UINT8 *SpcIndirectDataContent;
UINT8 Asn1Byte; UINT8 Asn1Byte;
@ -96,7 +97,8 @@ AuthenticodeVerify (
// //
// Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
// //
Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize); Temp = AuthData;
Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize);
if (Pkcs7 == NULL) { if (Pkcs7 == NULL) {
goto _Exit; goto _Exit;
} }
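Review bot: The reason for decoding through `Temp` is not documented at the `d2i_PKCS7` call in AuthenticodeVerify: the d2i_* functions advance the pointer they are handed, so passing `&AuthData` directly left the parameter pointing past the decoded structure for any later use. A one-line comment such as `// d2i_PKCS7() advances the pointer it is given; decode through Temp so AuthData keeps pointing at the start of the signature.` would keep a later cleanup from undoing the change. The same comment applies to the `Temp`/`CertTemp` copies added in Pkcs7Verify, TimestampTokenVerify, ImageTimestampVerify and X509ConstructCertificate. AuthenticodeVerify's body starts and ends outside these hunks.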


@ -1,7 +1,7 @@
/** @file /** @file
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL. PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -116,9 +116,9 @@ Pkcs7Sign (
if (Key == NULL) { if (Key == NULL) {
goto _Exit; goto _Exit;
} }
Key->save_type = EVP_PKEY_RSA; if (EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext) == 0) {
Key->type = EVP_PKEY_type (EVP_PKEY_RSA); goto _Exit;
Key->pkey.rsa = (RSA *) RsaContext; }
// //
// Convert the data to be signed to BIO format. // Convert the data to be signed to BIO format.
@ -175,7 +175,7 @@ Pkcs7Sign (
} }
CopyMem (*SignedData, P7Data + 19, *SignedDataSize); CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
OPENSSL_free (P7Data); OPENSSL_free (P7Data);
Status = TRUE; Status = TRUE;
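Review bot: `EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext)` in Pkcs7Sign transfers ownership of the RSA object to `Key` without taking a reference, so a later `EVP_PKEY_free (Key)` also frees `RsaContext`. The cleanup under `_Exit` is outside this hunk; if it releases both `Key` and `RsaContext`, the RSA object is freed twice. If Pkcs7Sign keeps its own handle to the key, `EVP_PKEY_set1_RSA (Key, (RSA *) RsaContext)` takes a reference instead and lets both frees stand; otherwise a comment at the call should state that `Key` now owns `RsaContext`.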


@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure. Variable and will do basic check for data structure.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -273,7 +273,7 @@ X509PopCertificate (
goto _Exit; goto _Exit;
} }
Length = ((BUF_MEM *) CertBio->ptr)->length; Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);
if (Length <= 0) { if (Length <= 0) {
goto _Exit; goto _Exit;
} }
@ -343,7 +343,7 @@ Pkcs7GetSigners (
PKCS7 *Pkcs7; PKCS7 *Pkcs7;
BOOLEAN Status; BOOLEAN Status;
UINT8 *SignedData; UINT8 *SignedData;
UINT8 *Temp; CONST UINT8 *Temp;
UINTN SignedDataSize; UINTN SignedDataSize;
BOOLEAN Wrapped; BOOLEAN Wrapped;
STACK_OF(X509) *Stack; STACK_OF(X509) *Stack;
@ -549,7 +549,7 @@ Pkcs7Verify (
X509 *Cert; X509 *Cert;
X509_STORE *CertStore; X509_STORE *CertStore;
UINT8 *SignedData; UINT8 *SignedData;
UINT8 *Temp; CONST UINT8 *Temp;
UINTN SignedDataSize; UINTN SignedDataSize;
BOOLEAN Wrapped; BOOLEAN Wrapped;
@ -618,7 +618,8 @@ Pkcs7Verify (
// //
// Read DER-encoded root certificate and Construct X509 Certificate // Read DER-encoded root certificate and Construct X509 Certificate
// //
Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength); Temp = TrustedCert;
Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
if (Cert == NULL) { if (Cert == NULL) {
goto _Exit; goto _Exit;
} }
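Review bot: In X509PopCertificate the new `(INT32)` cast on `((BUF_MEM *) CertBio->ptr)->length` silences the conversion warning but narrows the value before the `Length <= 0` test runs. If the field is wider than INT32 in this OpenSSL version, as the need for the cast suggests, an oversized length could wrap to a small positive value and pass the test. Comparing the untruncated value first keeps the check meaningful, for example `if (((BUF_MEM *) CertBio->ptr)->length > INT_MAX) { goto _Exit; }` ahead of the assignment. The declaration of `Length` and the rest of the function are outside the hunk.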


@ -5,7 +5,7 @@
the lifetime of the signature when a signing certificate expires or is later the lifetime of the signature when a signing certificate expires or is later
revoked. revoked.
Copyright (c) 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -441,11 +441,12 @@ TimestampTokenVerify (
CONST UINT8 *TokenTemp; CONST UINT8 *TokenTemp;
PKCS7 *Pkcs7; PKCS7 *Pkcs7;
X509 *Cert; X509 *Cert;
CONST UINT8 *CertTemp;
X509_STORE *CertStore; X509_STORE *CertStore;
BIO *OutBio; BIO *OutBio;
UINT8 *TstData; UINT8 *TstData;
UINTN TstSize; UINTN TstSize;
UINT8 *TstTemp; CONST UINT8 *TstTemp;
TS_TST_INFO *TstInfo; TS_TST_INFO *TstInfo;
Status = FALSE; Status = FALSE;
@ -490,7 +491,8 @@ TimestampTokenVerify (
// //
// Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate. // Read the trusted TSA certificate (DER-encoded), and Construct X509 Certificate.
// //
Cert = d2i_X509 (NULL, &TsaCert, (long) CertSize); CertTemp = TsaCert;
Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
if (Cert == NULL) { if (Cert == NULL) {
goto _Exit; goto _Exit;
} }
@ -605,6 +607,7 @@ ImageTimestampVerify (
{ {
BOOLEAN Status; BOOLEAN Status;
PKCS7 *Pkcs7; PKCS7 *Pkcs7;
CONST UINT8 *Temp;
STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos; STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos;
PKCS7_SIGNER_INFO *SignInfo; PKCS7_SIGNER_INFO *SignInfo;
UINTN Index; UINTN Index;
@ -644,7 +647,8 @@ ImageTimestampVerify (
// //
// Decode ASN.1-encoded Authenticode data into PKCS7 structure. // Decode ASN.1-encoded Authenticode data into PKCS7 structure.
// //
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &AuthData, (int) DataSize); Temp = AuthData;
Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize);
if (Pkcs7 == NULL) { if (Pkcs7 == NULL) {
goto _Exit; goto _Exit;
} }
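Review bot: In ImageTimestampVerify the `(const unsigned char **)` cast on `&Temp` is no longer needed now that `Temp` is declared `CONST UINT8 *`; the AuthenticodeVerify change in this commit passes `&Temp` to d2i_PKCS7 without one. Keeping the cast would hide a real type mismatch if the declaration changes later, so the call reads better as `Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int) DataSize);`. The function body continues outside the hunk.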


@ -1,7 +1,7 @@
/** @file /** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL. X.509 Certificate Handler Wrapper Implementation over OpenSSL.
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -38,7 +38,8 @@ X509ConstructCertificate (
OUT UINT8 **SingleX509Cert OUT UINT8 **SingleX509Cert
) )
{ {
X509 *X509Cert; X509 *X509Cert;
CONST UINT8 *Temp;
// //
// Check input parameters. // Check input parameters.
@ -50,7 +51,8 @@ X509ConstructCertificate (
// //
// Read DER-encoded X509 Certificate and Construct X509 object. // Read DER-encoded X509 Certificate and Construct X509 object.
// //
X509Cert = d2i_X509 (NULL, &Cert, (long) CertSize); Temp = Cert;
X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
if (X509Cert == NULL) { if (X509Cert == NULL) {
return FALSE; return FALSE;
} }
@ -123,6 +125,9 @@ X509ConstructCertificateStack (
} }
CertSize = VA_ARG (Args, UINTN); CertSize = VA_ARG (Args, UINTN);
if (CertSize == 0) {
break;
}
// //
// Construct X509 Object from the given DER-encoded certificate data. // Construct X509 Object from the given DER-encoded certificate data.
@ -133,7 +138,9 @@ X509ConstructCertificateStack (
(UINT8 **) &X509Cert (UINT8 **) &X509Cert
); );
if (!Status) { if (!Status) {
X509_free (X509Cert); if (X509Cert != NULL) {
X509_free (X509Cert);
}
break; break;
} }
@ -518,7 +525,8 @@ X509GetTBSCert (
// //
// Check input parameters. // Check input parameters.
// //
if ((Cert == NULL) || (TBSCert == NULL) || (TBSCertSize == NULL)) { if ((Cert == NULL) || (TBSCert == NULL) ||
(TBSCertSize == NULL) || (CertSize > INT_MAX)) {
return FALSE; return FALSE;
} }
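Review bot: The new `if (X509Cert != NULL)` guard in X509ConstructCertificateStack only protects the failure path if `X509Cert` is reset before each `X509ConstructCertificate` call, and that assignment is not visible in the hunk. X509ConstructCertificate returns FALSE when `d2i_X509` fails, before any write to its output is shown, so on a later iteration `X509Cert` could still hold the previous certificate. If that certificate has already been added to the stack (the push is outside the hunk), `X509_free` would release it while the stack still refers to it. Adding `X509Cert = NULL;` immediately before the call makes the guard reliable. The loop body starts and ends outside the hunk.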