| author | Gary Lin <glin@suse.com> | 2015-12-15 10:48:10 +0800 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2016-09-06 15:05:34 -0400 |
| commit | e571428e21280c28d0d591b70f13add7d8dbfe81 (patch) | |
| tree | fadafcf006016eb83dd989969d2232048048bad8 /Cryptlib/Pk/CryptX509.c | |
| parent | 7052e75307553edc8f04eb529b0d37844fbcc30b (diff) | |
Update to openssl to 1.0.2e
Also update Cryptlib to edk2 r19218
- Undefine NO_BUILTIN_VA_FUNCS in Cryptlib/OpenSSL/ for x86_64 to use
the gcc builtins and remove all EFIAPI from the functions
- Move most of the defines into the headers instead of the Makefile
- Remove the global variable 'timeval'
- Remove the unused code: crypto/pqueue/* and crypto/ts/*
- Include bn.h in MokManager.c due to the changes in openssl
Signed-off-by: Gary Lin <glin@suse.com>
Diffstat (limited to 'Cryptlib/Pk/CryptX509.c')
| -rw-r--r-- | Cryptlib/Pk/CryptX509.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c
index 70b135a7..7dc45967 100644
--- a/Cryptlib/Pk/CryptX509.c
+++ b/Cryptlib/Pk/CryptX509.c
@@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include "InternalCryptLib.h"
#include <openssl/x509.h>
-
+#include <openssl/rsa.h>
/**
Construct a X509 object from DER-encoded certificate data.
@@ -245,6 +245,7 @@ X509GetSubjectName (
 BOOLEAN Status;
X509 *X509Cert;
X509_NAME *X509Name;
+ UINTN X509NameSize;
//
// Check input parameters.
@@ -274,13 +275,14 @@ X509GetSubjectName (
 goto _Exit;
}
- if (*SubjectSize < (UINTN) X509Name->bytes->length) {
- *SubjectSize = (UINTN) X509Name->bytes->length;
+ X509NameSize = i2d_X509_NAME(X509Name, NULL);
+ if (*SubjectSize < X509NameSize) {
+ *SubjectSize = X509NameSize;
goto _Exit;
}
- *SubjectSize = (UINTN) X509Name->bytes->length;
+ *SubjectSize = X509NameSize;
if (CertSubject != NULL) {
- CopyMem (CertSubject, (UINT8 *) X509Name->bytes->data, *SubjectSize);
+ i2d_X509_NAME(X509Name, &CertSubject);
Status = TRUE;
}
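Review bot: The result of `i2d_X509_NAME(X509Name, NULL)` is stored straight into the unsigned `X509NameSize`, so a negative error return becomes a very large size that is then written to `*SubjectSize` on the "buffer too small" path. A caller that allocates the reported size and retries would presumably act on that bogus value. Keep the result in a signed local first and bail out on failure, e.g. `if (Len <= 0) { goto _Exit; }` before `X509NameSize = (UINTN) Len;`. The second call has the same gap, since `Status = TRUE` is set whether or not the encode succeeded; `Status = (BOOLEAN) (i2d_X509_NAME (X509Name, &CertSubject) > 0);` would tie the result to the actual write. X509GetSubjectName begins and ends outside this hunk, so the initial value of `Status` and the `_Exit` cleanup are not visible here.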
@@ -462,6 +464,13 @@ X509VerifyCert (
 }
//
+ // Allow partial certificate chains, terminated by a non-self-signed but
+ // still trusted intermediate certificate. Also disable time checks.
+ //
+ X509_STORE_set_flags (CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
+
+ //
// Set up X509_STORE_CTX for the subsequent verification operation.
//
if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) {
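Review bot: The new comment above `X509_STORE_set_flags` states what the two flags do but not why dropping validity-period checks is acceptable, and that is the security-relevant part of this hunk. With `X509_V_FLAG_NO_CHECK_TIME` on the store, every verification through X509VerifyCert accepts expired and not-yet-valid certificates. With `X509_V_FLAG_PARTIAL_CHAIN`, any certificate placed in `CertStore` acts as a trust anchor. If the reason is that no trustworthy clock exists in this environment, the comment should say so and record the consequences, e.g. `// No trusted time source here: validity periods are ignored, so trust can only be withdrawn by explicit revocation.` and `// Callers must add only intended trust anchors to CertStore.` The return value of `X509_STORE_set_flags` is also ignored, so a failure to set the flags would go unnoticed. The rest of X509VerifyCert lies outside this hunk.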
