Reviewed-by: Jiaxin Wu <jiaxin...@intel.com>

> -----Original Message-----
> From: Samer El-Haj-Mahmoud [mailto:samer.el-haj-mahm...@hpe.com]
> Sent: Friday, April 29, 2016 2:50 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Jiaxin <jiaxin...@intel.com>; Samer El-Haj-Mahmoud <samer.el-
> haj-mahm...@hpe.com>; Samer El-Haj-Mahmoud <el...@hpe.com>;
> Thomas Palmer <thomas.pal...@hpe.com>
> Subject: [staging/HTTPS-TLS][PATCH] CryptPkg: Cleanup TlsLib X509Store
> initialization
> 
> Clean up TlsLib so that a new X509 store is created only if needed in TlsNew(), and
> its flags are set when it is created, not every time a certificate is added (in
> TlsSetCaCertificate)
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Samer El-Haj-Mahmoud <el...@hpe.com>
> Signed-off-by: Thomas Palmer <thomas.pal...@hpe.com>
> ---
>  CryptoPkg/Library/TlsLib/TlsLib.c | 41 ++++++++++++++++++++++++++------
> -------
>  1 file changed, 28 insertions(+), 13 deletions(-)
> 
> diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c
> b/CryptoPkg/Library/TlsLib/TlsLib.c
> index 0818653..b91fee7 100644
> --- a/CryptoPkg/Library/TlsLib/TlsLib.c
> +++ b/CryptoPkg/Library/TlsLib/TlsLib.c
> @@ -130,7 +130,7 @@ TlsInitialize (
>    // Loads error strings from both crypto and ssl library.
>    //
>    SSL_load_error_strings ();
> -
> +
>    /// OpenSSL_add_all_algorithms();
> 
>    //
> @@ -274,6 +274,7 @@ TlsNew (
>    )
>  {
>    TLS_CONNECTION  *TlsConn;
> +  X509_STORE      *X509Store;
> 
>    TlsConn = NULL;
> 
> @@ -342,6 +343,28 @@ TlsNew (
>    //
>    SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
> 
> +
> +  //
> +  // Create new X509 store if needed
> +  //
> +  X509Store = SSL_CTX_get_cert_store (TlsConn->Ssl->ctx);  if
> + (X509Store == NULL) {
> +    X509Store = X509_STORE_new ();
> +    if (X509Store == NULL) {
> +      TlsFree ((VOID *) TlsConn);
> +      return NULL;
> +    }
> +    SSL_CTX_set1_verify_cert_store (TlsConn->Ssl->ctx, X509Store);
> +    X509_STORE_free (X509Store);
> +  }
> +
> +  //
> +  // Set X509_STORE flags used in certificate validation  //
> + X509_STORE_set_flags (
> +    X509Store,
> +    X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
> +    );
>    return (VOID *) TlsConn;
>  }
> 
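Review bot: The store created in the NULL branch is installed with `SSL_CTX_set1_verify_cert_store`, which sets the context's verify store rather than the cert store that `SSL_CTX_get_cert_store` reads, so any later `SSL_CTX_get_cert_store` on this context, including the one in TlsSetCaCertificate in the `@@ -1473` hunk that now returns EFI_ABORTED instead of creating a store, would still see NULL. The removed code used `SSL_CTX_set_cert_store`, which takes ownership of the store, so the consistent fix is `SSL_CTX_set_cert_store (TlsConn->Ssl->ctx, X509Store);` with the following `X509_STORE_free (X509Store);` dropped. This branch is presumably rarely reached because SSL_CTX_new normally allocates a cert store, but if it is taken the mismatch silently breaks CA loading. Since the flags are now applied to every new connection, a short comment next to `X509_V_FLAG_NO_CHECK_TIME` stating why certificate validity-period checks are disabled here would help future reviewers judge the risk.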
> @@ -1473,15 +1496,13 @@ TlsSetCaCertificate (
> 
>    X509Store = SSL_CTX_get_cert_store(TlsConn->Ssl->ctx);
>    if (X509Store == NULL) {
> -    X509Store = X509_STORE_new();
> -    if (X509Store == NULL) {
>        Status = EFI_ABORTED;
>        goto ON_EXIT;
> -    }
> -
> -    SSL_CTX_set_cert_store(TlsConn->Ssl->ctx, X509Store);
>    }
> 
> +  //
> +  // Add certificate to X509 store
> +  //
>    Ret = X509_STORE_add_cert (X509Store, Cert);
>    if (Ret != 1) {
>      ErrorCode = ERR_peek_last_error ();
> @@ -1493,14 +1514,8 @@
> TlsSetCaCertificate (
>        Status = EFI_ABORTED;
>        goto ON_EXIT;
>      }
> -
>    }
> -
> -  X509_STORE_set_flags (
> -    X509Store,
> -    X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
> -    );
> -
> +
>  ON_EXIT:
>    if (BioCert != NULL) {
>      BIO_free (BioCert);
> --
> 2.6.3.windows.1
