From: "Wang, Jian J"
To: "Kinney, Michael D", "devel@edk2.groups.io"
CC: "Lu, XiaoyuX"
Subject: Re: [Patch 1/5] CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV().
Date: Tue, 4 Feb 2020 07:31:36 +0000
References: <20200130070037.8516-1-michael.d.kinney@intel.com> <20200130070037.8516-2-michael.d.kinney@intel.com>
In-Reply-To: <20200130070037.8516-2-michael.d.kinney@intel.com>

Reviewed-by: Jian J Wang

Regards,
Jian

> -----Original Message-----
> From: Kinney, Michael D
> Sent: Thursday, January 30, 2020 3:01 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX
> Subject: [Patch 1/5] CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV().
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=2420
>
> Add X509ConstructCertificateStackV() to BaseCryptLib that is
> identical in behavior to X509ConstructCertificateStack(), but
> it takes a VA_LIST parameter for the variable argument list.
>
> The VA_LIST form of this function is required for BaseCryptLib
> functions to be wrapped in a Protocol/PPI.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Signed-off-by: Michael D Kinney
> ---
> CryptoPkg/Include/Library/BaseCryptLib.h | 26 ++++++++++
> CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 50 +++++++++++++++----
> .../Library/BaseCryptLib/Pk/CryptX509Null.c | 32 +++++++++++-
> .../BaseCryptLibNull/Pk/CryptX509Null.c | 32 +++++++++++-
> 4 files changed, 128 insertions(+), 12 deletions(-)
>
> diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 8320fddc4c..5e8f2e0a10 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h
> @@ -2371,6 +2371,32 @@ X509ConstructCertificate ( > OUT UINT8 **SingleX509Cert > ); >=20 > +/** > + Construct a X509 stack object from a list of DER-encoded certificate d= ata. > + > + If X509Stack is NULL, then return FALSE. > + If this interface is not supported, then return FALSE. > + > + @param[in, out] X509Stack On input, pointer to an existing or NULL X= 509 > stack object. > + On output, pointer to the X509 stack objec= t with new > + inserted X509 certificate. > + @param[in] Args VA_LIST marker for the variable argument l= ist. > + A list of DER-encoded single certificate d= ata followed > + by certificate size. A NULL terminates the= list. The > + pairs are the arguments to X509ConstructCe= rtificate(). > + > + @retval TRUE The X509 stack construction succeeded. > + @retval FALSE The construction operation failed. > + @retval FALSE This interface is not supported. > + > +**/ > +BOOLEAN > +EFIAPI > +X509ConstructCertificateStackV ( > + IN OUT UINT8 **X509Stack, > + IN VA_LIST Args > + ); > + > /** > Construct a X509 stack object from a list of DER-encoded certificate d= ata. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c > index 9b5579e71a..b1393a89c5 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c > @@ -1,7 +1,7 @@ > /** @file > X.509 Certificate Handler Wrapper Implementation over OpenSSL. >=20 > -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ > @@ -60,23 +60,26 @@ X509ConstructCertificate ( > Construct a X509 stack object from a list of DER-encoded certificate d= ata. >=20 > If X509Stack is NULL, then return FALSE. > + If this interface is not supported, then return FALSE. >=20 > @param[in, out] X509Stack On input, pointer to an existing or NULL X= 509 > stack object. > On output, pointer to the X509 stack objec= t with new > inserted X509 certificate. > - @param ... A list of DER-encoded single certificate d= ata followed > + @param[in] Args VA_LIST marker for the variable argument l= ist. > + A list of DER-encoded single certificate d= ata followed > by certificate size. A NULL terminates the= list. The > pairs are the arguments to X509ConstructCe= rtificate(). >=20 > @retval TRUE The X509 stack construction succeeded. > @retval FALSE The construction operation failed. > + @retval FALSE This interface is not supported. >=20 > **/ > BOOLEAN > EFIAPI > -X509ConstructCertificateStack ( > - IN OUT UINT8 **X509Stack, > - ... > +X509ConstructCertificateStackV ( > + IN OUT UINT8 **X509Stack, > + IN VA_LIST Args > ) > { > UINT8 *Cert; > @@ -84,7 +87,6 @@ X509ConstructCertificateStack ( > X509 *X509Cert; > STACK_OF(X509) *CertStack; > BOOLEAN Status; > - VA_LIST Args; > UINTN Index; >=20 > // > @@ -107,8 +109,6 @@ X509ConstructCertificateStack ( > } > } >=20 > - VA_START (Args, X509Stack); > - > for (Index =3D 0; ; Index++) { > // > // If Cert is NULL, then it is the end of the list. > @@ -145,8 +145,6 @@ X509ConstructCertificateStack ( > sk_X509_push (CertStack, X509Cert); > } >=20 > - VA_END (Args); > - > if (!Status) { > sk_X509_pop_free (CertStack, X509_free); > } else { 
> @@ -156,6 +154,38 @@ X509ConstructCertificateStack ( > return Status; > } >=20 > +/** > + Construct a X509 stack object from a list of DER-encoded certificate d= ata. > + > + If X509Stack is NULL, then return FALSE. > + > + @param[in, out] X509Stack On input, pointer to an existing or NULL X= 509 > stack object. > + On output, pointer to the X509 stack objec= t with new > + inserted X509 certificate. > + @param ... A list of DER-encoded single certificate d= ata followed > + by certificate size. A NULL terminates the= list. The > + pairs are the arguments to X509ConstructCe= rtificate(). > + > + @retval TRUE The X509 stack construction succeeded. > + @retval FALSE The construction operation failed. > + > +**/ > +BOOLEAN > +EFIAPI > +X509ConstructCertificateStack ( > + IN OUT UINT8 **X509Stack, > + ... > + ) > +{ > + VA_LIST Args; > + BOOLEAN Result; > + > + VA_START (Args, X509Stack); > + Result =3D X509ConstructCertificateStackV (X509Stack, Args); > + VA_END (Args); > + return Result; > +} > + > /** > Release the specified X509 object. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c > index 5e59cb1634..14309825ed 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c > @@ -2,7 +2,7 @@ > X.509 Certificate Handler Wrapper Implementation which does not provid= e > real capabilities. >=20 > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ > @@ -33,6 +33,36 @@ X509ConstructCertificate ( > return FALSE; > } >=20 > +/** > + Construct a X509 stack object from a list of DER-encoded certificate d= ata. > + > + If X509Stack is NULL, then return FALSE. > + If this interface is not supported, then return FALSE. > + > + @param[in, out] X509Stack On input, pointer to an existing or NULL X= 509 > stack object. > + On output, pointer to the X509 stack objec= t with new > + inserted X509 certificate. > + @param[in] Args VA_LIST marker for the variable argument l= ist. > + A list of DER-encoded single certificate d= ata followed > + by certificate size. A NULL terminates the= list. The > + pairs are the arguments to X509ConstructCe= rtificate(). > + > + @retval TRUE The X509 stack construction succeeded. > + @retval FALSE The construction operation failed. > + @retval FALSE This interface is not supported. > + > +**/ > +BOOLEAN > +EFIAPI > +X509ConstructCertificateStackV ( > + IN OUT UINT8 **X509Stack, > + IN VA_LIST Args > + ) > +{ > + ASSERT (FALSE); > + return FALSE; > +} > + > /** > Construct a X509 stack object from a list of DER-encoded certificate d= ata. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c > b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c > index 5e59cb1634..14309825ed 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c > @@ -2,7 +2,7 @@ > X.509 Certificate Handler Wrapper Implementation which does not provid= e > real capabilities. >=20 > -Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ > @@ -33,6 +33,36 @@ X509ConstructCertificate ( > return FALSE; > } >=20 > +/** > + Construct a X509 stack object from a list of DER-encoded certificate d= ata. > + > + If X509Stack is NULL, then return FALSE. > + If this interface is not supported, then return FALSE. > + > + @param[in, out] X509Stack On input, pointer to an existing or NULL X= 509 > stack object. > + On output, pointer to the X509 stack objec= t with new > + inserted X509 certificate. > + @param[in] Args VA_LIST marker for the variable argument l= ist. > + A list of DER-encoded single certificate d= ata followed > + by certificate size. A NULL terminates the= list. The > + pairs are the arguments to X509ConstructCe= rtificate(). > + > + @retval TRUE The X509 stack construction succeeded. > + @retval FALSE The construction operation failed. > + @retval FALSE This interface is not supported. > + > +**/ > +BOOLEAN > +EFIAPI > +X509ConstructCertificateStackV ( > + IN OUT UINT8 **X509Stack, > + IN VA_LIST Args > + ) > +{ > + ASSERT (FALSE); > + return FALSE; > +} > + > /** > Construct a X509 stack object from a list of DER-encoded certificate d= ata. >=20 > -- > 2.21.0.windows.1
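
Review bot: In the BaseCryptLib.h hunk (@@ -2371,6 +2371,32 @@), the @param[in] Args description for X509ConstructCertificateStackV() does not say who owns the VA_LIST. The wrapper added in CryptX509.c brackets the call with VA_START (Args, X509Stack) and VA_END (Args), so the implied contract is that the caller starts and ends the marker and the V function only consumes it. Stating that in the header comment, together with a note that Args must not be reused after the call without a fresh VA_START, would keep a Protocol/PPI wrapper from ending the list twice or reading from a list that has already been walked. The brief line is also word for word the same as the one for X509ConstructCertificateStack(); adding "VA_LIST form" to it would make the two declarations distinguishable.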
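
Review bot: In CryptX509.c, the comment block on the re-added X509ConstructCertificateStack() wrapper (hunk @@ -156,6 +154,38 @@) lacks the "If this interface is not supported, then return FALSE." sentence and the matching "@retval FALSE This interface is not supported." line that the @@ -60,23 +60,26 @@ hunk adds to X509ConstructCertificateStackV(). The wrapper returns exactly what the V function returns, so the two comment blocks should list the same return conditions: either add both lines to the wrapper's comment, or drop them from the V function in this file, which carries the real implementation over OpenSSL rather than the Null stub.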