From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com []) by mx.groups.io with SMTP id smtpd.web11.4622.1580367646496651347 for ; Wed, 29 Jan 2020 23:00:47 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: michael.d.kinney@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Jan 2020 23:00:40 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,380,1574150400"; d="scan'208";a="224049729" Received: from mdkinney-mobl2.amr.corp.intel.com ([10.254.44.187]) by fmsmga008.fm.intel.com with ESMTP; 29 Jan 2020 23:00:40 -0800 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Jian J Wang , Xiaoyu Lu Subject: [Patch 1/5] CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV(). Date: Wed, 29 Jan 2020 23:00:33 -0800 Message-Id: <20200130070037.8516-2-michael.d.kinney@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20200130070037.8516-1-michael.d.kinney@intel.com> References: <20200130070037.8516-1-michael.d.kinney@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit https://bugzilla.tianocore.org/show_bug.cgi?id=2420 Add X509ConstructCertificateStackV() to BaseCryptLib that is identical in behavior to X509ConstructCertificateStack(), but it takes a VA_LIST parameter for the variable argument list. The VA_LIST form of this function is required for BaseCryptLib functions to be wrapped in a Protocol/PPI. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Michael D Kinney --- CryptoPkg/Include/Library/BaseCryptLib.h | 26 ++++++++++ CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 50 +++++++++++++++---- .../Library/BaseCryptLib/Pk/CryptX509Null.c | 32 +++++++++++- .../BaseCryptLibNull/Pk/CryptX509Null.c | 32 +++++++++++- 4 files changed, 128 insertions(+), 12 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 8320fddc4c..5e8f2e0a10 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2371,6 +2371,32 @@ X509ConstructCertificate ( OUT UINT8 **SingleX509Cert ); +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args + ); + /** Construct a X509 stack object from a list of DER-encoded certificate data. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 9b5579e71a..b1393a89c5 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -1,7 +1,7 @@ /** @file X.509 Certificate Handler Wrapper Implementation over OpenSSL. -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -60,23 +60,26 @@ X509ConstructCertificate ( Construct a X509 stack object from a list of DER-encoded certificate data. If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. On output, pointer to the X509 stack object with new inserted X509 certificate. - @param ... A list of DER-encoded single certificate data followed + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed by certificate size. A NULL terminates the list. The pairs are the arguments to X509ConstructCertificate(). @retval TRUE The X509 stack construction succeeded. @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. **/ BOOLEAN EFIAPI -X509ConstructCertificateStack ( - IN OUT UINT8 **X509Stack, - ... +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args ) { UINT8 *Cert; @@ -84,7 +87,6 @@ X509ConstructCertificateStack ( X509 *X509Cert; STACK_OF(X509) *CertStack; BOOLEAN Status; - VA_LIST Args; UINTN Index; // @@ -107,8 +109,6 @@ X509ConstructCertificateStack ( } } - VA_START (Args, X509Stack); - for (Index = 0; ; Index++) { // // If Cert is NULL, then it is the end of the list. @@ -145,8 +145,6 @@ X509ConstructCertificateStack ( sk_X509_push (CertStack, X509Cert); } - VA_END (Args); - if (!Status) { sk_X509_pop_free (CertStack, X509_free); } else { @@ -156,6 +154,38 @@ X509ConstructCertificateStack ( return Status; } +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param ... A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStack ( + IN OUT UINT8 **X509Stack, + ... + ) +{ + VA_LIST Args; + BOOLEAN Result; + + VA_START (Args, X509Stack); + Result = X509ConstructCertificateStackV (X509Stack, Args); + VA_END (Args); + return Result; +} + /** Release the specified X509 object. diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c index 5e59cb1634..14309825ed 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c @@ -2,7 +2,7 @@ X.509 Certificate Handler Wrapper Implementation which does not provide real capabilities. -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,6 +33,36 @@ X509ConstructCertificate ( return FALSE; } +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args + ) +{ + ASSERT (FALSE); + return FALSE; +} + /** Construct a X509 stack object from a list of DER-encoded certificate data. diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c index 5e59cb1634..14309825ed 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c @@ -2,7 +2,7 @@ X.509 Certificate Handler Wrapper Implementation which does not provide real capabilities. -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,6 +33,36 @@ X509ConstructCertificate ( return FALSE; } +/** + Construct a X509 stack object from a list of DER-encoded certificate data. + + If X509Stack is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object. + On output, pointer to the X509 stack object with new + inserted X509 certificate. + @param[in] Args VA_LIST marker for the variable argument list. + A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). + + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +X509ConstructCertificateStackV ( + IN OUT UINT8 **X509Stack, + IN VA_LIST Args + ) +{ + ASSERT (FALSE); + return FALSE; +} + /** Construct a X509 stack object from a list of DER-encoded certificate data. -- 2.21.0.windows.1