CryptoPkg: Add some comments for API usage clarification.

This patch adds some comments for API usage clarification, and
adds one object initialization in X509ConstructCertificateStack
implementation to fix possible memory release issue.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17671 6f19259b-4bc3-4df7-8a09-765794883524

CryptoPkg/Include/Library/BaseCryptLib.h

@@ -1631,6 +1631,8 @@ RsaGenerateKey (
 
 /**
   Validates key components of RSA context.
+  NOTE: This function performs integrity checks on all the RSA key material, so
+        the RSA key structure must contain all the private key data.
 
   This function validates key compoents of RSA context in following aspects:
   - Whether p is a prime
@@ -1859,7 +1861,7 @@ X509ConstructCertificate (
   If X509Stack is NULL, then return FALSE.
   If this interface is not supported, then return FALSE.
 
-  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
                               On output, pointer to the X509 stack object with new
                               inserted X509 certificate.
   @param           ...        A list of DER-encoded single certificate data followed

CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c

@@ -244,6 +244,8 @@ _Exit:
 
 /**
   Validates key components of RSA context. 
+  NOTE: This function performs integrity checks on all the RSA key material, so
+        the RSA key structure must contain all the private key data.
 
   This function validates key compoents of RSA context in following aspects:
   - Whether p is a prime

CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c

@@ -67,7 +67,7 @@ X509ConstructCertificate (
 
   If X509Stack is NULL, then return FALSE.
 
-  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
                               On output, pointer to the X509 stack object with new
                               inserted X509 certificate.
   @param           ...        A list of DER-encoded single certificate data followed
@@ -132,6 +132,7 @@ X509ConstructCertificateStack (
     //
     // Construct X509 Object from the given DER-encoded certificate data.
     //
+    X509Cert = NULL;
     Status = X509ConstructCertificate (
                (CONST UINT8 *) Cert,
                CertSize,

CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c

@@ -44,7 +44,7 @@ X509ConstructCertificate (
 
   Return FALSE to indicate this interface is not supported.
 
-  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
                               On output, pointer to the X509 stack object with new
                               inserted X509 certificate.
   @param           ...        A list of DER-encoded single certificate data followed

CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/Pk/CryptX509Null.c

@@ -44,7 +44,7 @@ X509ConstructCertificate (
 
   Return FALSE to indicate this interface is not supported.
 
-  @param[in, out]  X509Stack  On input, pointer to an existing X509 stack object.
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 stack object.
                               On output, pointer to the X509 stack object with new
                               inserted X509 certificate.
   @param           ...        A list of DER-encoded single certificate data followed