Revision: 17635
http://sourceforge.net/p/edk2/code/17635
Author: qlong
Date: 2015-06-16 00:54:16 +0000 (Tue, 16 Jun 2015)
Log Message:
-----------
CryptoPkg: Wrapper files updates to support openssl-1.0.2c
This patch updates some support header and wrapper files to support
openssl-1.0.2c build, and correct some openssl API usages and
boundary check.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <[email protected]>
Reviewed-by: Ard Biesheuvel <[email protected]>
Modified Paths:
--------------
trunk/edk2/CryptoPkg/Include/OpenSslSupport.h
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
Added Paths:
-----------
trunk/edk2/CryptoPkg/Include/memory.h
Modified: trunk/edk2/CryptoPkg/Include/OpenSslSupport.h
===================================================================
--- trunk/edk2/CryptoPkg/Include/OpenSslSupport.h 2015-06-16 00:52:40 UTC
(rev 17634)
+++ trunk/edk2/CryptoPkg/Include/OpenSslSupport.h 2015-06-16 00:54:16 UTC
(rev 17635)
@@ -1,7 +1,7 @@
/** @file
Root include file to support building OpenSSL Crypto Library.
-Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -109,6 +109,11 @@
char *tm_zone; /* timezone abbreviation */
};
+struct timeval {
+ long tv_sec; /* time value, in seconds */
+ long tv_usec; /* time value, in microseconds */
+} timeval;
+
struct dirent {
UINT32 d_fileno; /* file number of entry */
UINT16 d_reclen; /* length of this record */
@@ -240,5 +245,6 @@
#define assert(expression)
#define localtime(timer) NULL
#define gmtime_r(timer,result) (result = NULL)
+#define atoi(nptr) AsciiStrDecimalToUintn(nptr)
#endif
Added: trunk/edk2/CryptoPkg/Include/memory.h
===================================================================
--- trunk/edk2/CryptoPkg/Include/memory.h (rev 0)
+++ trunk/edk2/CryptoPkg/Include/memory.h 2015-06-16 00:54:16 UTC (rev
17635)
@@ -0,0 +1,16 @@
+/** @file
+ Include file to support building OpenSSL Crypto Library.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD
License
+which accompanies this distribution. The full text of the license may be
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <OpenSslSupport.h>
+
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
2015-06-16 00:52:40 UTC (rev 17634)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c
2015-06-16 00:54:16 UTC (rev 17635)
@@ -9,7 +9,7 @@
AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check
for
data structure.
-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -72,6 +72,7 @@
{
BOOLEAN Status;
PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
CONST UINT8 *OrigAuthData;
UINT8 *SpcIndirectDataContent;
UINT8 Asn1Byte;
@@ -96,7 +97,8 @@
//
// Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
//
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, &Temp, (int)DataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
2015-06-16 00:52:40 UTC (rev 17634)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
2015-06-16 00:54:16 UTC (rev 17635)
@@ -1,7 +1,7 @@
/** @file
PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -116,9 +116,9 @@
if (Key == NULL) {
goto _Exit;
}
- Key->save_type = EVP_PKEY_RSA;
- Key->type = EVP_PKEY_type (EVP_PKEY_RSA);
- Key->pkey.rsa = (RSA *) RsaContext;
+ if (EVP_PKEY_assign_RSA (Key, (RSA *) RsaContext) == 0) {
+ goto _Exit;
+ }
//
// Convert the data to be signed to BIO format.
@@ -175,7 +175,7 @@
}
CopyMem (*SignedData, P7Data + 19, *SignedDataSize);
-
+
OPENSSL_free (P7Data);
Status = TRUE;
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2015-06-16 00:52:40 UTC (rev 17634)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
2015-06-16 00:54:16 UTC (rev 17635)
@@ -10,7 +10,7 @@
WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated
Variable and will do basic check for data structure.
-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -273,7 +273,7 @@
goto _Exit;
}
- Length = ((BUF_MEM *) CertBio->ptr)->length;
+ Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length);
if (Length <= 0) {
goto _Exit;
}
@@ -343,7 +343,7 @@
PKCS7 *Pkcs7;
BOOLEAN Status;
UINT8 *SignedData;
- UINT8 *Temp;
+ CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
STACK_OF(X509) *Stack;
@@ -549,7 +549,7 @@
X509 *Cert;
X509_STORE *CertStore;
UINT8 *SignedData;
- UINT8 *Temp;
+ CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
@@ -618,7 +618,8 @@
//
// Read DER-encoded root certificate and Construct X509 Certificate
//
- Cert = d2i_X509 (NULL, &TrustedCert, (long) CertLength);
+ Temp = TrustedCert;
+ Cert = d2i_X509 (NULL, &Temp, (long) CertLength);
if (Cert == NULL) {
goto _Exit;
}
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c 2015-06-16
00:52:40 UTC (rev 17634)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c 2015-06-16
00:54:16 UTC (rev 17635)
@@ -5,7 +5,7 @@
the lifetime of the signature when a signing certificate expires or is later
revoked.
-Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -441,11 +441,12 @@
CONST UINT8 *TokenTemp;
PKCS7 *Pkcs7;
X509 *Cert;
+ CONST UINT8 *CertTemp;
X509_STORE *CertStore;
BIO *OutBio;
UINT8 *TstData;
UINTN TstSize;
- UINT8 *TstTemp;
+ CONST UINT8 *TstTemp;
TS_TST_INFO *TstInfo;
Status = FALSE;
@@ -490,7 +491,8 @@
//
// Read the trusted TSA certificate (DER-encoded), and Construct X509
Certificate.
//
- Cert = d2i_X509 (NULL, &TsaCert, (long) CertSize);
+ CertTemp = TsaCert;
+ Cert = d2i_X509 (NULL, &CertTemp, (long) CertSize);
if (Cert == NULL) {
goto _Exit;
}
@@ -605,6 +607,7 @@
{
BOOLEAN Status;
PKCS7 *Pkcs7;
+ CONST UINT8 *Temp;
STACK_OF(PKCS7_SIGNER_INFO) *SignerInfos;
PKCS7_SIGNER_INFO *SignInfo;
UINTN Index;
@@ -644,7 +647,8 @@
//
// Decode ASN.1-encoded Authenticode data into PKCS7 structure.
//
- Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &AuthData, (int) DataSize);
+ Temp = AuthData;
+ Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **) &Temp, (int) DataSize);
if (Pkcs7 == NULL) {
goto _Exit;
}
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 2015-06-16
00:52:40 UTC (rev 17634)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 2015-06-16
00:54:16 UTC (rev 17635)
@@ -1,7 +1,7 @@
/** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -38,7 +38,8 @@
OUT UINT8 **SingleX509Cert
)
{
- X509 *X509Cert;
+ X509 *X509Cert;
+ CONST UINT8 *Temp;
//
// Check input parameters.
@@ -50,7 +51,8 @@
//
// Read DER-encoded X509 Certificate and Construct X509 object.
//
- X509Cert = d2i_X509 (NULL, &Cert, (long) CertSize);
+ Temp = Cert;
+ X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
if (X509Cert == NULL) {
return FALSE;
}
@@ -123,6 +125,9 @@
}
CertSize = VA_ARG (Args, UINTN);
+ if (CertSize == 0) {
+ break;
+ }
//
// Construct X509 Object from the given DER-encoded certificate data.
@@ -133,7 +138,9 @@
(UINT8 **) &X509Cert
);
if (!Status) {
- X509_free (X509Cert);
+ if (X509Cert != NULL) {
+ X509_free (X509Cert);
+ }
break;
}
@@ -518,7 +525,8 @@
//
// Check input parameters.
//
- if ((Cert == NULL) || (TBSCert == NULL) || (TBSCertSize == NULL)) {
+ if ((Cert == NULL) || (TBSCert == NULL) ||
+ (TBSCertSize == NULL) || (CertSize > INT_MAX)) {
return FALSE;
}
------------------------------------------------------------------------------
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
