From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>, Xiaoyu Lu <xiaoyux.lu@intel.com>
Subject: [Patch v7 1/5] CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV().
Date: Tue, 4 Feb 2020 18:58:41 -0800 [thread overview]
Message-ID: <20200205025845.9764-2-michael.d.kinney@intel.com> (raw)
In-Reply-To: <20200205025845.9764-1-michael.d.kinney@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2420
Add X509ConstructCertificateStackV() to BaseCryptLib that is
identical in behavior to X509ConstructCertificateStack(), but
it takes a VA_LIST parameter for the variable argument list.
The VA_LIST form of this function is required for BaseCryptLib
functions to be wrapped in a Protocol/PPI.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
---
CryptoPkg/Include/Library/BaseCryptLib.h | 26 ++++++++++
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 50 +++++++++++++++----
.../Library/BaseCryptLib/Pk/CryptX509Null.c | 32 +++++++++++-
.../BaseCryptLibNull/Pk/CryptX509Null.c | 32 +++++++++++-
4 files changed, 128 insertions(+), 12 deletions(-)
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 8320fddc4c..5e8f2e0a10 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2371,6 +2371,32 @@ X509ConstructCertificate (
OUT UINT8 **SingleX509Cert
);
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ If X509Stack is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param[in] Args VA_LIST marker for the variable argument list.
+ A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval TRUE The X509 stack construction succeeded.
+ @retval FALSE The construction operation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStackV (
+ IN OUT UINT8 **X509Stack,
+ IN VA_LIST Args
+ );
+
/**
Construct a X509 stack object from a list of DER-encoded certificate data.
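Review bot: The `@param[in] Args` text does not say who owns the VA_LIST, which matters once this function is called across a Protocol/PPI boundary as the commit message intends. I would add to the Args description: `The caller must initialise Args with VA_START() and call VA_END() after this function returns; the state of Args is indeterminate afterwards and it must not be reused without a new VA_START().` The trailing `/**` context line opens the next declaration's comment, which lies outside this hunk.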
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 9b5579e71a..b1393a89c5 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -1,7 +1,7 @@
/** @file
X.509 Certificate Handler Wrapper Implementation over OpenSSL.
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -60,23 +60,26 @@ X509ConstructCertificate (
Construct a X509 stack object from a list of DER-encoded certificate data.
If X509Stack is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
@param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
On output, pointer to the X509 stack object with new
inserted X509 certificate.
- @param ... A list of DER-encoded single certificate data followed
+ @param[in] Args VA_LIST marker for the variable argument list.
+ A list of DER-encoded single certificate data followed
by certificate size. A NULL terminates the list. The
pairs are the arguments to X509ConstructCertificate().
@retval TRUE The X509 stack construction succeeded.
@retval FALSE The construction operation failed.
+ @retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
-X509ConstructCertificateStack (
- IN OUT UINT8 **X509Stack,
- ...
+X509ConstructCertificateStackV (
+ IN OUT UINT8 **X509Stack,
+ IN VA_LIST Args
)
{
UINT8 *Cert;
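Review bot: The `X509Stack` description allows an existing stack on input but does not say what happens to that stack when construction fails. The failure path visible further down this file calls `sk_X509_pop_free (CertStack, X509_free)`; if CertStack is the caller's existing stack at that point (the setup code is outside the visible hunks, so this is an inference), `*X509Stack` is left pointing at freed memory and a later free by the caller would be a double free. Either state in the comment that on FALSE an existing stack has been released and must not be used or freed again, or add `*X509Stack = NULL;` after the `sk_X509_pop_free` call. The same loop also discards the return value of `sk_X509_push (CertStack, X509Cert)`, so a failed push would go unreported. The function body continues outside this hunk.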
@@ -84,7 +87,6 @@ X509ConstructCertificateStack (
X509 *X509Cert;
STACK_OF(X509) *CertStack;
BOOLEAN Status;
- VA_LIST Args;
UINTN Index;
//
@@ -107,8 +109,6 @@ X509ConstructCertificateStack (
}
}
- VA_START (Args, X509Stack);
-
for (Index = 0; ; Index++) {
//
// If Cert is NULL, then it is the end of the list.
@@ -145,8 +145,6 @@ X509ConstructCertificateStack (
sk_X509_push (CertStack, X509Cert);
}
- VA_END (Args);
-
if (!Status) {
sk_X509_pop_free (CertStack, X509_free);
} else {
@@ -156,6 +154,38 @@ X509ConstructCertificateStack (
return Status;
}
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ If X509Stack is NULL, then return FALSE.
+
+ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param ... A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval TRUE The X509 stack construction succeeded.
+ @retval FALSE The construction operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStack (
+ IN OUT UINT8 **X509Stack,
+ ...
+ )
+{
+ VA_LIST Args;
+ BOOLEAN Result;
+
+ VA_START (Args, X509Stack);
+ Result = X509ConstructCertificateStackV (X509Stack, Args);
+ VA_END (Args);
+ return Result;
+}
+
/**
Release the specified X509 object.
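Review bot: The `...` description on the new wrapper does not name the C type of each element, and a variadic call is not type-checked by the compiler. The VA_ARG reads are outside the visible hunks, but the pairs are documented as the arguments to X509ConstructCertificate(), so they are presumably read as a `UINT8 *` followed by a `UINTN`. A size passed as a narrower integer would then be read with the wrong width and could give the DER parser an incorrect length. I would extend the comment with `Each pair is (UINT8 *Cert, UINTN CertSize); cast the size argument to UINTN at the call site.`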
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
index 5e59cb1634..14309825ed 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
@@ -2,7 +2,7 @@
X.509 Certificate Handler Wrapper Implementation which does not provide
real capabilities.
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -33,6 +33,36 @@ X509ConstructCertificate (
return FALSE;
}
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ If X509Stack is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param[in] Args VA_LIST marker for the variable argument list.
+ A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval TRUE The X509 stack construction succeeded.
+ @retval FALSE The construction operation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStackV (
+ IN OUT UINT8 **X509Stack,
+ IN VA_LIST Args
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
/**
Construct a X509 stack object from a list of DER-encoded certificate data.
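Review bot: The comment on this Null stub still lists `@retval TRUE The X509 stack construction succeeded` and describes an output stack, although the body is only `ASSERT (FALSE); return FALSE;` and can never succeed. I would reduce it to stub wording such as `Return FALSE to indicate this interface is not supported.` with a single `@retval FALSE This interface is not supported.`, so integrators see that the return value is the only failure signal in builds where ASSERT() is compiled out. The identical hunk in CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c carries the same comment.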
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
index 5e59cb1634..14309825ed 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
@@ -2,7 +2,7 @@
X.509 Certificate Handler Wrapper Implementation which does not provide
real capabilities.
-Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -33,6 +33,36 @@ X509ConstructCertificate (
return FALSE;
}
+/**
+ Construct a X509 stack object from a list of DER-encoded certificate data.
+
+ If X509Stack is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] X509Stack On input, pointer to an existing or NULL X509 stack object.
+ On output, pointer to the X509 stack object with new
+ inserted X509 certificate.
+ @param[in] Args VA_LIST marker for the variable argument list.
+ A list of DER-encoded single certificate data followed
+ by certificate size. A NULL terminates the list. The
+ pairs are the arguments to X509ConstructCertificate().
+
+ @retval TRUE The X509 stack construction succeeded.
+ @retval FALSE The construction operation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStackV (
+ IN OUT UINT8 **X509Stack,
+ IN VA_LIST Args
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
/**
Construct a X509 stack object from a list of DER-encoded certificate data.
--
2.21.0.windows.1