[edk2-devel] [PATCH EDK2 v1 1/1] CryptoPkg/BaseCryptLib: Support PEM certification

Tue, 09 Nov 2021 04:58:40 -0800 

As PEM-encoded certificate is also necessary, add
support for PEM-encoded certificate in
X509ConstructCertificate.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Xiaoyu Lu <xiaoyux...@intel.com>
Cc: Guomin Jiang <guomin.ji...@intel.com>
Signed-off-by: Jiaxia Xu <xujia...@huawei.com>
Signed-off-by: Wenyi Xie <xiewen...@huawei.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 33 ++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c 
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index b1393a89c5ab..db122cd574fa 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -9,6 +9,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "InternalCryptLib.h"
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include <openssl/pem.h>
 
 /**
   Construct a X509 object from DER-encoded certificate data.
@@ -33,7 +34,12 @@ X509ConstructCertificate (
   )
 {
   X509         *X509Cert;
+  BIO          *BioCert;
   CONST UINT8  *Temp;
+  BOOLEAN      CertFlag;
+
+  BioCert   = NULL;
+  CertFlag  = TRUE;
 
   //
   // Check input parameters.
@@ -48,12 +54,35 @@ X509ConstructCertificate (
   Temp     = Cert;
   X509Cert = d2i_X509 (NULL, &Temp, (long) CertSize);
   if (X509Cert == NULL) {
-    return FALSE;
+    BioCert = BIO_new (BIO_s_mem ());
+    if (BioCert == NULL) {
+      CertFlag = FALSE;
+      goto ON_EXIT;
+    }
+
+    if (BIO_write (BioCert, Temp, (UINT32) CertSize) <= 0) {
+      CertFlag = FALSE;
+      goto ON_EXIT;
+    }
+
+    //
+    // Read PEM-encoded X509 Certificate and Construct X509 object.
+    //
+    X509Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
+    if (X509Cert == NULL) {
+      CertFlag = FALSE;
+      goto ON_EXIT;
+    }
   }
 
   *SingleX509Cert = (UINT8 *) X509Cert;
 
-  return TRUE;
+ON_EXIT:
+  if (BioCert != NULL) {
+    BIO_free (BioCert);
+  }
+
+  return CertFlag;
 }
 
 /**
-- 
2.20.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#83510): https://edk2.groups.io/g/devel/message/83510
Mute This Topic: https://groups.io/mt/86930148/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to