[PATCH 2/4] CryptoPkg: add new X509 function.


Qi Zhang
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4082

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Xiaoyu Lu <xiaoyu1.lu@...>
Cc: Guomin Jiang <guomin.jiang@...>
Signed-off-by: Qi Zhang <qi1.zhang@...>
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 1036 +++++++++++++++++
.../Library/BaseCryptLib/Pk/CryptX509Null.c | 429 +++++++
.../BaseCryptLibNull/Pk/CryptX509Null.c | 429 +++++++
3 files changed, 1894 insertions(+)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Libr=
ary/BaseCryptLib/Pk/CryptX509.c
index e6bb45e641..4cb3c9f814 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -8,8 +8,22 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
=0D
#include "InternalCryptLib.h"=0D
#include <openssl/x509.h>=0D
+#include <openssl/x509v3.h>=0D
+#include <crypto/asn1.h>=0D
+#include <openssl/asn1.h>=0D
#include <openssl/rsa.h>=0D
=0D
+/* OID*/=0D
+#define OID_EXT_KEY_USAGE { 0x55, 0x1D, 0x25 }=0D
+#define OID_BASIC_CONSTRAINTS { 0x55, 0x1D, 0x13 }=0D
+=0D
+static CONST UINT8 mOidExtKeyUsage[] =3D OID_EXT_KEY_USAGE;=0D
+static CONST UINT8 mOidBasicConstraints[] =3D OID_BASIC_CONSTRAINTS;=0D
+=0D
+#define CRYPTO_ASN1_TAG_CLASS_MASK 0xC0=0D
+#define CRYPTO_ASN1_TAG_PC_MASK 0x20=0D
+#define CRYPTO_ASN1_TAG_VALUE_MASK 0x1F=0D
+=0D
/**=0D
Construct a X509 object from DER-encoded certificate data.=0D
=0D
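Review bot: `#include <crypto/asn1.h>` pulls in what appears to be an OpenSSL-internal header, and the only visible use for it is the direct field access `Asn1Obj->length` / `Asn1Obj->data` in X509GetSignatureAlgorithm, added later in this patch. The public accessors `OBJ_length (Asn1Obj)` and `OBJ_get0_data (Asn1Obj)`, which X509GetExtensionData in the same patch already calls, would let this include be dropped and keep the file independent of OpenSSL's private struct layout. The two OID tables are also declared with lowercase `static`; if this file follows the usual edk2 convention, `STATIC CONST UINT8 mOidExtKeyUsage[] = OID_EXT_KEY_USAGE;` would match.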
@@ -842,3 +856,1025 @@ X509GetTBSCert (
=0D
return TRUE;=0D
}=0D
+=0D
+/**=0D
+ Retrieve the version from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] Version Pointer to the retrieved version integer.=0D
+=0D
+ @retval TRUE The certificate version retrieved successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ @retval FALSE The operation is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetVersion (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Version=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ X509 *X509Cert;=0D
+=0D
+ X509Cert =3D NULL;=0D
+ Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Ce=
rt);=0D
+ if ((X509Cert =3D=3D NULL) || (!Status)) {=0D
+ //=0D
+ // Invalid X.509 Certificate=0D
+ //=0D
+ Status =3D FALSE;=0D
+ }=0D
+=0D
+ if (Status) {=0D
+ *Version =3D X509_get_version (X509Cert);=0D
+ }=0D
+=0D
+ if (X509Cert !=3D NULL) {=0D
+ X509_free (X509Cert);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the serialNumber from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] SerialNumber Pointer to the retrieved certificate Seria=
lNumber bytes.=0D
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber =
buffer on input,=0D
+ and the size of buffer returned SerialNumbe=
r on output.=0D
+=0D
+ @retval TRUE The certificate serialNumber retrieved =
successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ If SerialNumberSize is NULL.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SerialNumber exists.=0D
+ @retval FALSE If the SerialNumber is NULL. The requir=
ed buffer size=0D
+ (including the final null) is returned =
in the=0D
+ SerialNumberSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSerialNumber (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *SerialNumber, OPTIONAL=0D
+ IN OUT UINTN *SerialNumberSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ X509 *X509Cert;=0D
+ ASN1_INTEGER *Asn1Integer;=0D
+=0D
+ Status =3D FALSE;=0D
+ //=0D
+ // Check input parameters.=0D
+ //=0D
+ if ((Cert =3D=3D NULL) || (SerialNumberSize =3D=3D NULL)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ X509Cert =3D NULL;=0D
+=0D
+ //=0D
+ // Read DER-encoded X509 Certificate and Construct X509 object.=0D
+ //=0D
+ Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert=
);=0D
+ if ((X509Cert =3D=3D NULL) || (!Status)) {=0D
+ *SerialNumberSize =3D 0;=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ //=0D
+ // Retrieve subject name from certificate object.=0D
+ //=0D
+ Asn1Integer =3D X509_get_serialNumber (X509Cert);=0D
+ if (Asn1Integer =3D=3D NULL) {=0D
+ *SerialNumberSize =3D 0;=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ if (*SerialNumberSize < (UINTN)Asn1Integer->length) {=0D
+ *SerialNumberSize =3D (UINTN)Asn1Integer->length;=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ if (SerialNumber !=3D NULL) {=0D
+ CopyMem (SerialNumber, Asn1Integer->data, *SerialNumberSize);=0D
+ Status =3D TRUE;=0D
+ }=0D
+=0D
+ *SerialNumberSize =3D (UINTN)Asn1Integer->length;=0D
+=0D
+_Exit:=0D
+ //=0D
+ // Release Resources.=0D
+ //=0D
+ if (X509Cert !=3D NULL) {=0D
+ X509_free (X509Cert);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the issuer bytes from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] CertIssuer Pointer to the retrieved certificate subject=
bytes.=0D
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff=
er on input,=0D
+ and the size of buffer returned CertSubject=
on output.=0D
+=0D
+ @retval TRUE The certificate issuer retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small =
for the result.=0D
+ The CertIssuerSize will be updated with the required siz=
e.=0D
+ @retval FALSE This interface is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetIssuerName (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *CertIssuer,=0D
+ IN OUT UINTN *CertIssuerSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ X509 *X509Cert;=0D
+ X509_NAME *X509Name;=0D
+ UINTN X509NameSize;=0D
+=0D
+ //=0D
+ // Check input parameters.=0D
+ //=0D
+ if ((Cert =3D=3D NULL) || (CertIssuerSize =3D=3D NULL)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ X509Cert =3D NULL;=0D
+=0D
+ //=0D
+ // Read DER-encoded X509 Certificate and Construct X509 object.=0D
+ //=0D
+ Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert=
);=0D
+ if ((X509Cert =3D=3D NULL) || (!Status)) {=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ Status =3D FALSE;=0D
+=0D
+ //=0D
+ // Retrieve subject name from certificate object.=0D
+ //=0D
+ X509Name =3D X509_get_subject_name (X509Cert);=0D
+ if (X509Name =3D=3D NULL) {=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ X509NameSize =3D i2d_X509_NAME (X509Name, NULL);=0D
+ if (*CertIssuerSize < X509NameSize) {=0D
+ *CertIssuerSize =3D X509NameSize;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ *CertIssuerSize =3D X509NameSize;=0D
+ if (CertIssuer !=3D NULL) {=0D
+ i2d_X509_NAME (X509Name, &CertIssuer);=0D
+ Status =3D TRUE;=0D
+ }=0D
+=0D
+_Exit:=0D
+ //=0D
+ // Release Resources.=0D
+ //=0D
+ if (X509Cert !=3D NULL) {=0D
+ X509_free (X509Cert);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Signature Algorithm from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Oid Signature Algorithm Object identifier b=
uffer.=0D
+ @param[in,out] OidSize Signature Algorithm Object identifier b=
uffer size=0D
+=0D
+ @retval TRUE The certificate Extension data retrieved successf=
ully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If OidSize is NULL.=0D
+ If Oid is not NULL and *OidSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SignatureType.=0D
+ @retval FALSE If the Oid is NULL. The required buffer=
size=0D
+ is returned in the OidSize.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSignatureAlgorithm (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Oid, OPTIONAL=0D
+ IN OUT UINTN *OidSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ X509 *X509Cert;=0D
+ int Nid;=0D
+ ASN1_OBJECT *Asn1Obj;=0D
+=0D
+ //=0D
+ // Check input parameters.=0D
+ //=0D
+ if ((Cert =3D=3D NULL) || (OidSize =3D=3D NULL) || (CertSize =3D=3D 0)) =
{=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ X509Cert =3D NULL;=0D
+ Status =3D FALSE;=0D
+=0D
+ //=0D
+ // Read DER-encoded X509 Certificate and Construct X509 object.=0D
+ //=0D
+ Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert=
);=0D
+ if ((X509Cert =3D=3D NULL) || (!Status)) {=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ //=0D
+ // Retrieve subject name from certificate object.=0D
+ //=0D
+ Nid =3D X509_get_signature_nid (X509Cert);=0D
+ if (Nid =3D=3D NID_undef) {=0D
+ *OidSize =3D 0;=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ Asn1Obj =3D OBJ_nid2obj (Nid);=0D
+ if (Asn1Obj =3D=3D NULL) {=0D
+ *OidSize =3D 0;=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ if (*OidSize < (UINTN)Asn1Obj->length) {=0D
+ *OidSize =3D Asn1Obj->length;=0D
+ Status =3D FALSE;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ if (Oid !=3D NULL) {=0D
+ CopyMem (Oid, Asn1Obj->data, Asn1Obj->length);=0D
+ }=0D
+=0D
+ *OidSize =3D Asn1Obj->length;=0D
+ Status =3D TRUE;=0D
+=0D
+_Exit:=0D
+ //=0D
+ // Release Resources.=0D
+ //=0D
+ if (X509Cert !=3D NULL) {=0D
+ X509_free (X509Cert);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve Extension data from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[in] Oid Object identifier buffer=0D
+ @param[in] OidSize Object identifier buffer size=0D
+ @param[out] ExtensionData Extension bytes.=0D
+ @param[in, out] ExtensionDataSize Extension bytes size.=0D
+=0D
+ @retval TRUE The certificate Extension data retrieve=
d successfully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If ExtensionDataSize is NULL.=0D
+ If ExtensionData is not NULL and *Exten=
sionDataSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no Extension entry match Oid.=0D
+ @retval FALSE If the ExtensionData is NULL. The requi=
red buffer size=0D
+ is returned in the ExtensionDataSize pa=
rameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtensionData (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN CONST UINT8 *Oid,=0D
+ IN UINTN OidSize,=0D
+ OUT UINT8 *ExtensionData,=0D
+ IN OUT UINTN *ExtensionDataSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ INTN i;=0D
+ X509 *X509Cert;=0D
+=0D
+ CONST STACK_OF (X509_EXTENSION) *Extensions;=0D
+ ASN1_OBJECT *Asn1Obj;=0D
+ ASN1_OCTET_STRING *Asn1Oct;=0D
+ X509_EXTENSION *Ext;=0D
+ UINTN ObjLength;=0D
+ UINTN OctLength;=0D
+=0D
+ //=0D
+ // Check input parameters.=0D
+ //=0D
+ if ((Cert =3D=3D NULL) || (CertSize =3D=3D 0) || (Oid =3D=3D NULL) || (O=
idSize =3D=3D 0) || (ExtensionDataSize =3D=3D NULL)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ X509Cert =3D NULL;=0D
+ Status =3D FALSE;=0D
+=0D
+ //=0D
+ // Read DER-encoded X509 Certificate and Construct X509 object.=0D
+ //=0D
+ Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert=
);=0D
+ if ((X509Cert =3D=3D NULL) || (!Status)) {=0D
+ *ExtensionDataSize =3D 0;=0D
+ goto Cleanup;=0D
+ }=0D
+=0D
+ //=0D
+ // Retrieve Extensions from certificate object.=0D
+ //=0D
+ Extensions =3D X509_get0_extensions (X509Cert);=0D
+ if (sk_X509_EXTENSION_num (Extensions) <=3D 0) {=0D
+ *ExtensionDataSize =3D 0;=0D
+ goto Cleanup;=0D
+ }=0D
+=0D
+ //=0D
+ // Traverse Extensions=0D
+ //=0D
+ Status =3D FALSE;=0D
+ Asn1Oct =3D NULL;=0D
+ OctLength =3D 0;=0D
+ for (i =3D 0; i < sk_X509_EXTENSION_num (Extensions); i++) {=0D
+ Ext =3D sk_X509_EXTENSION_value (Extensions, (int)i);=0D
+ if (Ext =3D=3D NULL) {=0D
+ continue;=0D
+ }=0D
+=0D
+ Asn1Obj =3D X509_EXTENSION_get_object (Ext);=0D
+ if (Asn1Obj =3D=3D NULL) {=0D
+ continue;=0D
+ }=0D
+=0D
+ Asn1Oct =3D X509_EXTENSION_get_data (Ext);=0D
+ if (Asn1Oct =3D=3D NULL) {=0D
+ continue;=0D
+ }=0D
+=0D
+ ObjLength =3D OBJ_length (Asn1Obj);=0D
+ OctLength =3D ASN1_STRING_length (Asn1Oct);=0D
+ if ((OidSize =3D=3D ObjLength) && (CompareMem (OBJ_get0_data (Asn1Obj)=
, Oid, OidSize) =3D=3D 0)) {=0D
+ //=0D
+ // Extension Found=0D
+ //=0D
+ Status =3D TRUE;=0D
+ break;=0D
+ }=0D
+=0D
+ //=0D
+ // reset to 0 if not found=0D
+ //=0D
+ OctLength =3D 0;=0D
+ }=0D
+=0D
+ if (Status) {=0D
+ if (*ExtensionDataSize < OctLength) {=0D
+ *ExtensionDataSize =3D OctLength;=0D
+ Status =3D FALSE;=0D
+ goto Cleanup;=0D
+ }=0D
+=0D
+ if (Asn1Oct !=3D NULL) {=0D
+ CopyMem (ExtensionData, ASN1_STRING_get0_data (Asn1Oct), OctLength);=
=0D
+ }=0D
+=0D
+ *ExtensionDataSize =3D OctLength;=0D
+ } else {=0D
+ *ExtensionDataSize =3D 0;=0D
+ }=0D
+=0D
+Cleanup:=0D
+ //=0D
+ // Release Resources.=0D
+ //=0D
+ if (X509Cert !=3D NULL) {=0D
+ X509_free (X509Cert);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Extended Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage bytes.=0D
+ @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D
+=0D
+ @retval TRUE The Usage bytes retrieve successfully.=
=0D
+ @retval FALSE If Cert is NULL.=0D
+ If CertSize is NULL.=0D
+ If Usage is not NULL and *UsageSize is =
0.=0D
+ If Cert is invalid.=0D
+ @retval FALSE If the Usage is NULL. The required buff=
er size=0D
+ is returned in the UsageSize parameter.=
=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Usage,=0D
+ IN OUT UINTN *UsageSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+=0D
+ Status =3D X509GetExtensionData (Cert, CertSize, mOidExtKeyUsage, sizeof=
(mOidExtKeyUsage), Usage, UsageSize);=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Validity from one X.509 certificate=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] From notBefore Pointer to DateTime object.=0D
+ @param[in,out] FromSize notBefore DateTime object size.=0D
+ @param[out] To notAfter Pointer to DateTime object.=0D
+ @param[in,out] ToSize notAfter DateTime object size.=0D
+=0D
+ Note: X509CompareDateTime to compare DateTime oject=0D
+ x509SetDateTime to get a DateTime object from a DateTimeStr=0D
+=0D
+ @retval TRUE The certificate Validity retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Validity retrieve failed.=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetValidity (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN UINT8 *From,=0D
+ IN OUT UINTN *FromSize,=0D
+ IN UINT8 *To,=0D
+ IN OUT UINTN *ToSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ X509 *X509Cert;=0D
+ CONST ASN1_TIME *F;=0D
+ CONST ASN1_TIME *T;=0D
+ UINTN TSize;=0D
+ UINTN FSize;=0D
+=0D
+ //=0D
+ // Check input parameters.=0D
+ //=0D
+ if ((Cert =3D=3D NULL) || (FromSize =3D=3D NULL) || (ToSize =3D=3D NULL)=
|| (CertSize =3D=3D 0)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ X509Cert =3D NULL;=0D
+ Status =3D FALSE;=0D
+=0D
+ //=0D
+ // Read DER-encoded X509 Certificate and Construct X509 object.=0D
+ //=0D
+ Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert=
);=0D
+ if ((X509Cert =3D=3D NULL) || (!Status)) {=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ //=0D
+ // Retrieve Validity from/to from certificate object.=0D
+ //=0D
+ F =3D X509_get0_notBefore (X509Cert);=0D
+ T =3D X509_get0_notAfter (X509Cert);=0D
+=0D
+ if ((F =3D=3D NULL) || (T =3D=3D NULL)) {=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ FSize =3D sizeof (ASN1_TIME) + F->length;=0D
+ if (*FromSize < FSize) {=0D
+ *FromSize =3D FSize;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ *FromSize =3D FSize;=0D
+ if (From !=3D NULL) {=0D
+ CopyMem (From, F, sizeof (ASN1_TIME));=0D
+ ((ASN1_TIME *)From)->data =3D From + sizeof (ASN1_TIME);=0D
+ CopyMem (From + sizeof (ASN1_TIME), F->data, F->length);=0D
+ }=0D
+=0D
+ TSize =3D sizeof (ASN1_TIME) + T->length;=0D
+ if (*ToSize < TSize) {=0D
+ *ToSize =3D TSize;=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ *ToSize =3D TSize;=0D
+ if (To !=3D NULL) {=0D
+ CopyMem (To, T, sizeof (ASN1_TIME));=0D
+ ((ASN1_TIME *)To)->data =3D To + sizeof (ASN1_TIME);=0D
+ CopyMem (To + sizeof (ASN1_TIME), T->data, T->length);=0D
+ }=0D
+=0D
+ Status =3D TRUE;=0D
+=0D
+_Exit:=0D
+ //=0D
+ // Release Resources.=0D
+ //=0D
+ if (X509Cert !=3D NULL) {=0D
+ X509_free (X509Cert);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Format a DateTime object into DataTime Buffer=0D
+=0D
+ If DateTimeStr is NULL, then return FALSE.=0D
+ If DateTimeSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D
+ Ref: https://www.w3.org/TR/NOTE-datetim=
e=0D
+ Z stand for UTC time=0D
+ @param[out] DateTime Pointer to a DateTime object.=0D
+ @param[in,out] DateTimeSize DateTime object buffer size.=0D
+=0D
+ @retval TRUE The DateTime object create successfully=
.=0D
+ @retval FALSE If DateTimeStr is NULL.=0D
+ If DateTimeSize is NULL.=0D
+ If DateTime is not NULL and *DateTimeSi=
ze is 0.=0D
+ If Year Month Day Hour Minute Second co=
mbination is invalid datetime.=0D
+ @retval FALSE If the DateTime is NULL. The required b=
uffer size=0D
+ (including the final null) is returned =
in the=0D
+ DateTimeSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509SetDateTime (=0D
+ IN CHAR8 *DateTimeStr,=0D
+ OUT VOID *DateTime,=0D
+ IN OUT UINTN *DateTimeSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ INT32 Ret;=0D
+ ASN1_TIME *Dt;=0D
+ UINTN DSize;=0D
+=0D
+ Dt =3D NULL;=0D
+ Status =3D FALSE;=0D
+=0D
+ Dt =3D ASN1_TIME_new ();=0D
+ if (Dt =3D=3D NULL) {=0D
+ Status =3D FALSE;=0D
+ goto Cleanup;=0D
+ }=0D
+=0D
+ Ret =3D ASN1_TIME_set_string_X509 (Dt, DateTimeStr);=0D
+ if (Ret !=3D 1) {=0D
+ Status =3D FALSE;=0D
+ goto Cleanup;=0D
+ }=0D
+=0D
+ DSize =3D sizeof (ASN1_TIME) + Dt->length;=0D
+ if (*DateTimeSize < DSize) {=0D
+ *DateTimeSize =3D DSize;=0D
+ Status =3D FALSE;=0D
+ goto Cleanup;=0D
+ }=0D
+=0D
+ *DateTimeSize =3D DSize;=0D
+ if (DateTime !=3D NULL) {=0D
+ CopyMem (DateTime, Dt, sizeof (ASN1_TIME));=0D
+ ((ASN1_TIME *)DateTime)->data =3D (UINT8 *)DateTime + sizeof (ASN1_TIM=
E);=0D
+ CopyMem ((UINT8 *)DateTime + sizeof (ASN1_TIME), Dt->data, Dt->length)=
;=0D
+ }=0D
+=0D
+ Status =3D TRUE;=0D
+=0D
+Cleanup:=0D
+ if (Dt !=3D NULL) {=0D
+ ASN1_TIME_free (Dt);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Compare DateTime1 object and DateTime2 object.=0D
+=0D
+ If DateTime1 is NULL, then return -2.=0D
+ If DateTime2 is NULL, then return -2.=0D
+ If DateTime1 =3D=3D DateTime2, then return 0=0D
+ If DateTime1 > DateTime2, then return 1=0D
+ If DateTime1 < DateTime2, then return -1=0D
+=0D
+ @param[in] DateTime1 Pointer to a DateTime Ojbect=0D
+ @param[in] DateTime2 Pointer to a DateTime Object=0D
+=0D
+ @retval 0 If DateTime1 =3D=3D DateTime2=0D
+ @retval 1 If DateTime1 > DateTime2=0D
+ @retval -1 If DateTime1 < DateTime2=0D
+**/=0D
+INT32=0D
+EFIAPI=0D
+X509CompareDateTime (=0D
+ IN CONST VOID *DateTime1,=0D
+ IN CONST VOID *DateTime2=0D
+ )=0D
+{=0D
+ return (INT32)ASN1_TIME_compare (DateTime1, DateTime2);=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D
+=0D
+ @retval TRUE The certificate Key Usage retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Usage is NULL=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Usage=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+ X509 *X509Cert;=0D
+=0D
+ //=0D
+ // Check input parameters.=0D
+ //=0D
+ if ((Cert =3D=3D NULL) || (Usage =3D=3D NULL)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ X509Cert =3D NULL;=0D
+ Status =3D FALSE;=0D
+=0D
+ //=0D
+ // Read DER-encoded X509 Certificate and Construct X509 object.=0D
+ //=0D
+ Status =3D X509ConstructCertificate (Cert, CertSize, (UINT8 **)&X509Cert=
);=0D
+ if ((X509Cert =3D=3D NULL) || (!Status)) {=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ //=0D
+ // Retrieve subject name from certificate object.=0D
+ //=0D
+ *Usage =3D X509_get_key_usage (X509Cert);=0D
+ if (*Usage =3D=3D NID_undef) {=0D
+ goto _Exit;=0D
+ }=0D
+=0D
+ Status =3D TRUE;=0D
+=0D
+_Exit:=0D
+ //=0D
+ // Release Resources.=0D
+ //=0D
+ if (X509Cert !=3D NULL) {=0D
+ X509_free (X509Cert);=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+/**=0D
+ Verify one X509 certificate was issued by the trusted CA.=0D
+ @param[in] RootCert Trusted Root Certificate buffer=0D
+=0D
+ @param[in] RootCertLength Trusted Root Certificate buffer length=
=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @retval TRUE All cerificates was issued by the first certificate in X=
509Certchain.=0D
+ @retval FALSE Invalid certificate or the certificate was not issued by=
the given=0D
+ trusted CA.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509VerifyCertChain (=0D
+ IN CONST UINT8 *RootCert,=0D
+ IN UINTN RootCertLength,=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength=0D
+ )=0D
+{=0D
+ CONST UINT8 *TmpPtr;=0D
+ UINTN Length;=0D
+ UINT32 Asn1Tag;=0D
+ UINT32 ObjClass;=0D
+ CONST UINT8 *CurrentCert;=0D
+ UINTN CurrentCertLen;=0D
+ CONST UINT8 *PrecedingCert;=0D
+ UINTN PrecedingCertLen;=0D
+ BOOLEAN VerifyFlag;=0D
+ INT32 Ret;=0D
+=0D
+ PrecedingCert =3D RootCert;=0D
+ PrecedingCertLen =3D RootCertLength;=0D
+=0D
+ CurrentCert =3D CertChain;=0D
+ Length =3D 0;=0D
+ CurrentCertLen =3D 0;=0D
+=0D
+ VerifyFlag =3D FALSE;=0D
+ while (TRUE) {=0D
+ TmpPtr =3D CurrentCert;=0D
+ Ret =3D ASN1_get_object (=0D
+ (CONST UINT8 **)&TmpPtr,=0D
+ (long *)&Length,=0D
+ (int *)&Asn1Tag,=0D
+ (int *)&ObjClass,=0D
+ (long)(CertChainLength + CertChain - TmpPtr)=0D
+ );=0D
+ if ((Asn1Tag !=3D V_ASN1_SEQUENCE) || (Ret =3D=3D 0x80)) {=0D
+ break;=0D
+ }=0D
+=0D
+ //=0D
+ // Calculate CurrentCert length;=0D
+ //=0D
+ CurrentCertLen =3D TmpPtr - CurrentCert + Length;=0D
+=0D
+ //=0D
+ // Verify CurrentCert with preceding cert;=0D
+ //=0D
+ VerifyFlag =3D X509VerifyCert (CurrentCert, CurrentCertLen, PrecedingC=
ert, PrecedingCertLen);=0D
+ if (VerifyFlag =3D=3D FALSE) {=0D
+ break;=0D
+ }=0D
+=0D
+ //=0D
+ // move Current cert to Preceding cert=0D
+ //=0D
+ PrecedingCertLen =3D CurrentCertLen;=0D
+ PrecedingCert =3D CurrentCert;=0D
+=0D
+ //=0D
+ // Move to next=0D
+ //=0D
+ CurrentCert =3D CurrentCert + CurrentCertLen;=0D
+ }=0D
+=0D
+ return VerifyFlag;=0D
+}=0D
+=0D
+/**=0D
+ Get one X509 certificate from CertChain.=0D
+=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @param[in] CertIndex Index of certificate.=0D
+=0D
+ @param[out] Cert The certificate at the index of CertCh=
ain.=0D
+ @param[out] CertLength The length certificate at the index of=
CertChain.=0D
+=0D
+ @retval TRUE Success.=0D
+ @retval FALSE Failed to get certificate from certificate chain.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetCertFromCertChain (=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength,=0D
+ IN CONST INT32 CertIndex,=0D
+ OUT CONST UINT8 **Cert,=0D
+ OUT UINTN *CertLength=0D
+ )=0D
+{=0D
+ UINTN Asn1Len;=0D
+ INT32 CurrentIndex;=0D
+ UINTN CurrentCertLen;=0D
+ CONST UINT8 *CurrentCert;=0D
+ CONST UINT8 *TmpPtr;=0D
+ INT32 Ret;=0D
+ UINT32 Asn1Tag;=0D
+ UINT32 ObjClass;=0D
+=0D
+ //=0D
+ // Check input parameters.=0D
+ //=0D
+ if ((CertChain =3D=3D NULL) || (Cert =3D=3D NULL) ||=0D
+ (CertIndex < -1) || (CertLength =3D=3D NULL))=0D
+ {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ Asn1Len =3D 0;=0D
+ CurrentCertLen =3D 0;=0D
+ CurrentCert =3D CertChain;=0D
+ CurrentIndex =3D -1;=0D
+=0D
+ //=0D
+ // Traverse the certificate chain=0D
+ //=0D
+ while (TRUE) {=0D
+ TmpPtr =3D CurrentCert;=0D
+=0D
+ // Get asn1 object and taglen=0D
+ Ret =3D ASN1_get_object (=0D
+ (CONST UINT8 **)&TmpPtr,=0D
+ (long *)&Asn1Len,=0D
+ (int *)&Asn1Tag,=0D
+ (int *)&ObjClass,=0D
+ (long)(CertChainLength + CertChain - TmpPtr)=0D
+ );=0D
+ if ((Asn1Tag !=3D V_ASN1_SEQUENCE) || (Ret =3D=3D 0x80)) {=0D
+ break;=0D
+ }=0D
+=0D
+ //=0D
+ // Calculate CurrentCert length;=0D
+ //=0D
+ CurrentCertLen =3D TmpPtr - CurrentCert + Asn1Len;=0D
+ CurrentIndex++;=0D
+=0D
+ if (CurrentIndex =3D=3D CertIndex) {=0D
+ *Cert =3D CurrentCert;=0D
+ *CertLength =3D CurrentCertLen;=0D
+ return TRUE;=0D
+ }=0D
+=0D
+ //=0D
+ // Move to next=0D
+ //=0D
+ CurrentCert =3D CurrentCert + CurrentCertLen;=0D
+ }=0D
+=0D
+ //=0D
+ // If CertIndex is -1, Return the last certificate=0D
+ //=0D
+ if ((CertIndex =3D=3D -1) && (CurrentIndex >=3D 0)) {=0D
+ *Cert =3D CurrentCert - CurrentCertLen;=0D
+ *CertLength =3D CurrentCertLen;=0D
+ return TRUE;=0D
+ }=0D
+=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the tag and length of the tag.=0D
+=0D
+ @param Ptr The position in the ASN.1 data=0D
+ @param End End of data=0D
+ @param Length The variable that will receive the length=0D
+ @param Tag The expected tag=0D
+=0D
+ @retval TRUE Get tag successful=0D
+ @retval FALSe Failed to get tag or tag not match=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+Asn1GetTag (=0D
+ IN OUT UINT8 **Ptr,=0D
+ IN UINT8 *End,=0D
+ OUT UINTN *Length,=0D
+ IN UINT32 Tag=0D
+ )=0D
+{=0D
+ UINT8 *PtrOld;=0D
+ INT32 ObjTag;=0D
+ INT32 ObjCls;=0D
+ long ObjLength;=0D
+=0D
+ //=0D
+ // Save Ptr position=0D
+ //=0D
+ PtrOld =3D *Ptr;=0D
+=0D
+ ASN1_get_object ((CONST UINT8 **)Ptr, &ObjLength, &ObjTag, &ObjCls, (INT=
32)(End - (*Ptr)));=0D
+ if ((ObjTag =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_VALUE_MASK)) &&=0D
+ (ObjCls =3D=3D (INT32)(Tag & CRYPTO_ASN1_TAG_CLASS_MASK)))=0D
+ {=0D
+ *Length =3D (UINTN)ObjLength;=0D
+ return TRUE;=0D
+ } else {=0D
+ //=0D
+ // if doesn't match Tag, restore Ptr to origin Ptr=0D
+ //=0D
+ *Ptr =3D PtrOld;=0D
+ return FALSE;=0D
+ }=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the basic constraints from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509=
certificate.=0D
+ @param[in] CertSize size of the X509 certificate in=
bytes.=0D
+ @param[out] BasicConstraints basic constraints bytes.=0D
+ @param[in, out] BasicConstraintsSize basic constraints buffer sizs i=
n bytes.=0D
+=0D
+ @retval TRUE The basic constraints retrieve successf=
ully.=0D
+ @retval FALSE If cert is NULL.=0D
+ If cert_size is NULL.=0D
+ If basic_constraints is not NULL and *b=
asic_constraints_size is 0.=0D
+ If cert is invalid.=0D
+ @retval FALSE The required buffer size is small.=0D
+ The return buffer size is basic_constra=
ints_size parameter.=0D
+ @retval FALSE If no Extension entry match oid.=0D
+ @retval FALSE The operation is not supported.=0D
+ **/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedBasicConstraints (=0D
+ CONST UINT8 *Cert,=0D
+ UINTN CertSize,=0D
+ UINT8 *BasicConstraints,=0D
+ UINTN *BasicConstraintsSize=0D
+ )=0D
+{=0D
+ BOOLEAN Status;=0D
+=0D
+ if ((Cert =3D=3D NULL) || (CertSize =3D=3D 0) || (BasicConstraintsSize =
=3D=3D NULL)) {=0D
+ return FALSE;=0D
+ }=0D
+=0D
+ Status =3D X509GetExtensionData (=0D
+ (UINT8 *)Cert,=0D
+ CertSize,=0D
+ mOidBasicConstraints,=0D
+ sizeof (mOidBasicConstraints),=0D
+ BasicConstraints,=0D
+ BasicConstraintsSize=0D
+ );=0D
+=0D
+ return Status;=0D
+}=0D
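Review bot: In X509GetSerialNumber the copy length is the caller's buffer size rather than the serial's length: `CopyMem (SerialNumber, Asn1Integer->data, *SerialNumberSize);` reads past the end of the ASN1_INTEGER data whenever the caller's buffer is larger than the serial number, so it should be `CopyMem (SerialNumber, Asn1Integer->data, (UINTN)Asn1Integer->length);`. X509GetIssuerName calls `X509_get_subject_name (X509Cert)` and therefore returns the subject; it should call `X509_get_issuer_name (X509Cert)`. In X509VerifyCertChain and X509GetCertFromCertChain the test `Ret == 0x80` looks too narrow: as far as I know, ASN1_get_object ORs 0x80 into a result that can also carry the constructed bit when the encoded length exceeds the remaining input, so a truncated final certificate would pass the check and CurrentCertLen would run beyond CertChainLength. Testing the bit first, `if (((Ret & 0x80) != 0) || (Asn1Tag != V_ASN1_SEQUENCE)) {`, also avoids reading Asn1Tag when the call failed before writing it. X509VerifyCertChain additionally returns the last VerifyFlag once parsing stops, so bytes after the last parsable certificate are never checked; that should be either rejected or documented in the function header.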
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c b/CryptoPkg/=
Library/BaseCryptLib/Pk/CryptX509Null.c
index 38819723c7..bd2a12fc14 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c
@@ -292,3 +292,432 @@ X509GetTBSCert (
ASSERT (FALSE);=0D
return FALSE;=0D
}=0D
+=0D
+/**=0D
+ Retrieve the version from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] Version Pointer to the retrieved version integer.=0D
+=0D
+ @retval TRUE The certificate version retrieved successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ @retval FALSE The operation is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetVersion (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Version=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the serialNumber from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] SerialNumber Pointer to the retrieved certificate Seria=
lNumber bytes.=0D
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber =
buffer on input,=0D
+ and the size of buffer returned SerialNumbe=
r on output.=0D
+=0D
+ @retval TRUE The certificate serialNumber retrieved =
successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ If SerialNumberSize is NULL.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SerialNumber exists.=0D
+ @retval FALSE If the SerialNumber is NULL. The requir=
ed buffer size=0D
+ (including the final null) is returned =
in the=0D
+ SerialNumberSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSerialNumber (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *SerialNumber, OPTIONAL=0D
+ IN OUT UINTN *SerialNumberSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the issuer bytes from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] CertIssuer Pointer to the retrieved certificate subject=
bytes.=0D
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff=
er on input,=0D
+ and the size of buffer returned CertSubject=
on output.=0D
+=0D
+ @retval TRUE The certificate issuer retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small =
for the result.=0D
+ The CertIssuerSize will be updated with the required siz=
e.=0D
+ @retval FALSE This interface is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetIssuerName (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *CertIssuer,=0D
+ IN OUT UINTN *CertIssuerSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Signature Algorithm from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Oid Signature Algorithm Object identifier b=
uffer.=0D
+ @param[in,out] OidSize Signature Algorithm Object identifier b=
uffer size=0D
+=0D
+ @retval TRUE The certificate Extension data retrieved successf=
ully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If OidSize is NULL.=0D
+ If Oid is not NULL and *OidSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SignatureType.=0D
+ @retval FALSE If the Oid is NULL. The required buffer=
size=0D
+ is returned in the OidSize.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSignatureAlgorithm (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Oid, OPTIONAL=0D
+ IN OUT UINTN *OidSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve Extension data from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[in] Oid Object identifier buffer=0D
+ @param[in] OidSize Object identifier buffer size=0D
+ @param[out] ExtensionData Extension bytes.=0D
+ @param[in, out] ExtensionDataSize Extension bytes size.=0D
+=0D
+ @retval TRUE The certificate Extension data retrieve=
d successfully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If ExtensionDataSize is NULL.=0D
+ If ExtensionData is not NULL and *Exten=
sionDataSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no Extension entry match Oid.=0D
+ @retval FALSE If the ExtensionData is NULL. The requi=
red buffer size=0D
+ is returned in the ExtensionDataSize pa=
rameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtensionData (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN CONST UINT8 *Oid,=0D
+ IN UINTN OidSize,=0D
+ OUT UINT8 *ExtensionData,=0D
+ IN OUT UINTN *ExtensionDataSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Extended Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage bytes.=0D
+ @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D
+=0D
+ @retval TRUE The Usage bytes retrieve successfully.=
=0D
+ @retval FALSE If Cert is NULL.=0D
+ If CertSize is NULL.=0D
+ If Usage is not NULL and *UsageSize is =
0.=0D
+ If Cert is invalid.=0D
+ @retval FALSE If the Usage is NULL. The required buff=
er size=0D
+ is returned in the UsageSize parameter.=
=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Usage,=0D
+ IN OUT UINTN *UsageSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Validity from one X.509 certificate=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[in] From notBefore Pointer to DateTime object.=0D
+ @param[in,out] FromSize notBefore DateTime object size.=0D
+ @param[in] To notAfter Pointer to DateTime object.=0D
+ @param[in,out] ToSize notAfter DateTime object size.=0D
+=0D
+ Note: X509CompareDateTime to compare DateTime oject=0D
+ x509SetDateTime to get a DateTime object from a DateTimeStr=0D
+=0D
+ @retval TRUE The certificate Validity retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Validity retrieve failed.=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetValidity (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN UINT8 *From,=0D
+ IN OUT UINTN *FromSize,=0D
+ IN UINT8 *To,=0D
+ IN OUT UINTN *ToSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Format a DateTime object into DataTime Buffer=0D
+=0D
+ If DateTimeStr is NULL, then return FALSE.=0D
+ If DateTimeSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D
+ Ref: https://www.w3.org/TR/NOTE-datetim=
e=0D
+ Z stand for UTC time=0D
+ @param[out] DateTime Pointer to a DateTime object.=0D
+ @param[in,out] DateTimeSize DateTime object buffer size.=0D
+=0D
+ @retval TRUE The DateTime object create successfully=
.=0D
+ @retval FALSE If DateTimeStr is NULL.=0D
+ If DateTimeSize is NULL.=0D
+ If DateTime is not NULL and *DateTimeSi=
ze is 0.=0D
+ If Year Month Day Hour Minute Second co=
mbination is invalid datetime.=0D
+ @retval FALSE If the DateTime is NULL. The required b=
uffer size=0D
+ (including the final null) is returned =
in the=0D
+ DateTimeSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509SetDateTime (=0D
+ IN CHAR8 *DateTimeStr,=0D
+ OUT VOID *DateTime,=0D
+ IN OUT UINTN *DateTimeSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Compare DateTime1 object and DateTime2 object.=0D
+=0D
+ If DateTime1 is NULL, then return -2.=0D
+ If DateTime2 is NULL, then return -2.=0D
+ If DateTime1 =3D=3D DateTime2, then return 0=0D
+ If DateTime1 > DateTime2, then return 1=0D
+ If DateTime1 < DateTime2, then return -1=0D
+=0D
+ @param[in] DateTime1 Pointer to a DateTime Ojbect=0D
+ @param[in] DateTime2 Pointer to a DateTime Object=0D
+=0D
+ @retval 0 If DateTime1 =3D=3D DateTime2=0D
+ @retval 1 If DateTime1 > DateTime2=0D
+ @retval -1 If DateTime1 < DateTime2=0D
+**/=0D
+INT32=0D
+EFIAPI=0D
+X509CompareDateTime (=0D
+ IN CONST VOID *DateTime1,=0D
+ IN CONST VOID *DateTime2=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return -3;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D
+=0D
+ @retval TRUE The certificate Key Usage retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Usage is NULL=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Usage=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Verify one X509 certificate was issued by the trusted CA.=0D
+ @param[in] RootCert Trusted Root Certificate buffer=0D
+=0D
+ @param[in] RootCertLength Trusted Root Certificate buffer length=
=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @retval TRUE All cerificates was issued by the first certificate in X=
509Certchain.=0D
+ @retval FALSE Invalid certificate or the certificate was not issued by=
the given=0D
+ trusted CA.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509VerifyCertChain (=0D
+ IN CONST UINT8 *RootCert,=0D
+ IN UINTN RootCertLength,=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Get one X509 certificate from CertChain.=0D
+=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @param[in] CertIndex Index of certificate.=0D
+=0D
+ @param[out] Cert The certificate at the index of CertCh=
ain.=0D
+ @param[out] CertLength The length certificate at the index of=
CertChain.=0D
+=0D
+ @retval TRUE Success.=0D
+ @retval FALSE Failed to get certificate from certificate chain.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetCertFromCertChain (=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength,=0D
+ IN CONST INT32 CertIndex,=0D
+ OUT CONST UINT8 **Cert,=0D
+ OUT UINTN *CertLength=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the tag and length of the tag.=0D
+=0D
+ @param Ptr The position in the ASN.1 data=0D
+ @param End End of data=0D
+ @param Length The variable that will receive the length=0D
+ @param Tag The expected tag=0D
+=0D
+ @retval TRUE Get tag successful=0D
+ @retval FALSe Failed to get tag or tag not match=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+Asn1GetTag (=0D
+ IN OUT UINT8 **Ptr,=0D
+ IN UINT8 *End,=0D
+ OUT UINTN *Length,=0D
+ IN UINT32 Tag=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the basic constraints from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509=
certificate.=0D
+ @param[in] CertSize size of the X509 certificate in=
bytes.=0D
+ @param[out] BasicConstraints basic constraints bytes.=0D
+ @param[in, out] BasicConstraintsSize basic constraints buffer sizs i=
n bytes.=0D
+=0D
+ @retval TRUE The basic constraints retrieve successf=
ully.=0D
+ @retval FALSE If cert is NULL.=0D
+ If cert_size is NULL.=0D
+ If basic_constraints is not NULL and *b=
asic_constraints_size is 0.=0D
+ If cert is invalid.=0D
+ @retval FALSE The required buffer size is small.=0D
+ The return buffer size is basic_constra=
ints_size parameter.=0D
+ @retval FALSE If no Extension entry match oid.=0D
+ @retval FALSE The operation is not supported.=0D
+ **/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedBasicConstraints (=0D
+ CONST UINT8 *Cert,=0D
+ UINTN CertSize,=0D
+ UINT8 *BasicConstraints,=0D
+ UINTN *BasicConstraintsSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
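Review bot: The X509CompareDateTime stub in this hunk returns -3, a value its header comment never mentions; the comment describes -2 for a NULL argument only in prose and lists @retval entries for 0, 1 and -1 alone. A caller that tests the result with `< 0` rather than against exact values would read "not supported" as "DateTime1 is earlier", which matters if the comparison is used for the validity-period check that the X509GetValidity note points to. I would add `@retval -2 If DateTime1 or DateTime2 is NULL.` and `@retval -3 The operation is not supported.` to the comment so callers know to treat anything outside 0/1/-1 as failure. The BaseCryptLibNull copy in the next hunk carries the same stub and comment.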
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c b/Crypto=
Pkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
index 38819723c7..0068f00738 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
+++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptX509Null.c
@@ -292,3 +292,432 @@ X509GetTBSCert (
ASSERT (FALSE);=0D
return FALSE;=0D
}=0D
+=0D
+/**=0D
+ Retrieve the version from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] Version Pointer to the retrieved version integer.=0D
+=0D
+ @retval TRUE The certificate version retrieved successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ @retval FALSE The operation is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetVersion (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Version=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the serialNumber from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertSize is 0, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] SerialNumber Pointer to the retrieved certificate Seria=
lNumber bytes.=0D
+ @param[in, out] SerialNumberSize The size in bytes of the SerialNumber =
buffer on input,=0D
+ and the size of buffer returned SerialNumbe=
r on output.=0D
+=0D
+ @retval TRUE The certificate serialNumber retrieved =
successfully.=0D
+ @retval FALSE If Cert is NULL or CertSize is Zero.=0D
+ If SerialNumberSize is NULL.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SerialNumber exists.=0D
+ @retval FALSE If the SerialNumber is NULL. The requir=
ed buffer size=0D
+ (including the final null) is returned =
in the=0D
+ SerialNumberSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSerialNumber (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *SerialNumber, OPTIONAL=0D
+ IN OUT UINTN *SerialNumberSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the issuer bytes from one X.509 certificate.=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[out] CertIssuer Pointer to the retrieved certificate subject=
bytes.=0D
+ @param[in, out] CertIssuerSize The size in bytes of the CertIssuer buff=
er on input,=0D
+ and the size of buffer returned CertSubject=
on output.=0D
+=0D
+ @retval TRUE The certificate issuer retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or the CertIssuerSize is too small =
for the result.=0D
+ The CertIssuerSize will be updated with the required siz=
e.=0D
+ @retval FALSE This interface is not supported.=0D
+=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetIssuerName (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *CertIssuer,=0D
+ IN OUT UINTN *CertIssuerSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Signature Algorithm from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Oid Signature Algorithm Object identifier b=
uffer.=0D
+ @param[in,out] OidSize Signature Algorithm Object identifier b=
uffer size=0D
+=0D
+ @retval TRUE The certificate Extension data retrieved successf=
ully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If OidSize is NULL.=0D
+ If Oid is not NULL and *OidSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no SignatureType.=0D
+ @retval FALSE If the Oid is NULL. The required buffer=
size=0D
+ is returned in the OidSize.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetSignatureAlgorithm (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Oid, OPTIONAL=0D
+ IN OUT UINTN *OidSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve Extension data from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[in] Oid Object identifier buffer=0D
+ @param[in] OidSize Object identifier buffer size=0D
+ @param[out] ExtensionData Extension bytes.=0D
+ @param[in, out] ExtensionDataSize Extension bytes size.=0D
+=0D
+ @retval TRUE The certificate Extension data retrieve=
d successfully.=0D
+ @retval FALSE If Cert is NULL.=0D
+ If ExtensionDataSize is NULL.=0D
+ If ExtensionData is not NULL and *Exten=
sionDataSize is 0.=0D
+ If Certificate is invalid.=0D
+ @retval FALSE If no Extension entry match Oid.=0D
+ @retval FALSE If the ExtensionData is NULL. The requi=
red buffer size=0D
+ is returned in the ExtensionDataSize pa=
rameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtensionData (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN CONST UINT8 *Oid,=0D
+ IN UINTN OidSize,=0D
+ OUT UINT8 *ExtensionData,=0D
+ IN OUT UINTN *ExtensionDataSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Extended Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage bytes.=0D
+ @param[in, out] UsageSize Key Usage buffer sizs in bytes.=0D
+=0D
+ @retval TRUE The Usage bytes retrieve successfully.=
=0D
+ @retval FALSE If Cert is NULL.=0D
+ If CertSize is NULL.=0D
+ If Usage is not NULL and *UsageSize is =
0.=0D
+ If Cert is invalid.=0D
+ @retval FALSE If the Usage is NULL. The required buff=
er size=0D
+ is returned in the UsageSize parameter.=
=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINT8 *Usage,=0D
+ IN OUT UINTN *UsageSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Validity from one X.509 certificate=0D
+=0D
+ If Cert is NULL, then return FALSE.=0D
+ If CertIssuerSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certificate=
.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=0D
+ @param[in] From notBefore Pointer to DateTime object.=0D
+ @param[in,out] FromSize notBefore DateTime object size.=0D
+ @param[in] To notAfter Pointer to DateTime object.=0D
+ @param[in,out] ToSize notAfter DateTime object size.=0D
+=0D
+ Note: X509CompareDateTime to compare DateTime oject=0D
+ x509SetDateTime to get a DateTime object from a DateTimeStr=0D
+=0D
+ @retval TRUE The certificate Validity retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Validity retrieve failed.=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetValidity (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ IN UINT8 *From,=0D
+ IN OUT UINTN *FromSize,=0D
+ IN UINT8 *To,=0D
+ IN OUT UINTN *ToSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Format a DateTime object into DataTime Buffer=0D
+=0D
+ If DateTimeStr is NULL, then return FALSE.=0D
+ If DateTimeSize is NULL, then return FALSE.=0D
+ If this interface is not supported, then return FALSE.=0D
+=0D
+ @param[in] DateTimeStr DateTime string like YYYYMMDDhhmmssZ=0D
+ Ref: https://www.w3.org/TR/NOTE-datetim=
e=0D
+ Z stand for UTC time=0D
+ @param[out] DateTime Pointer to a DateTime object.=0D
+ @param[in,out] DateTimeSize DateTime object buffer size.=0D
+=0D
+ @retval TRUE The DateTime object create successfully=
.=0D
+ @retval FALSE If DateTimeStr is NULL.=0D
+ If DateTimeSize is NULL.=0D
+ If DateTime is not NULL and *DateTimeSi=
ze is 0.=0D
+ If Year Month Day Hour Minute Second co=
mbination is invalid datetime.=0D
+ @retval FALSE If the DateTime is NULL. The required b=
uffer size=0D
+ (including the final null) is returned =
in the=0D
+ DateTimeSize parameter.=0D
+ @retval FALSE The operation is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509SetDateTime (=0D
+ IN CHAR8 *DateTimeStr,=0D
+ OUT VOID *DateTime,=0D
+ IN OUT UINTN *DateTimeSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Compare DateTime1 object and DateTime2 object.=0D
+=0D
+ If DateTime1 is NULL, then return -2.=0D
+ If DateTime2 is NULL, then return -2.=0D
+ If DateTime1 =3D=3D DateTime2, then return 0=0D
+ If DateTime1 > DateTime2, then return 1=0D
+ If DateTime1 < DateTime2, then return -1=0D
+=0D
+ @param[in] DateTime1 Pointer to a DateTime Ojbect=0D
+ @param[in] DateTime2 Pointer to a DateTime Object=0D
+=0D
+ @retval 0 If DateTime1 =3D=3D DateTime2=0D
+ @retval 1 If DateTime1 > DateTime2=0D
+ @retval -1 If DateTime1 < DateTime2=0D
+**/=0D
+INT32=0D
+EFIAPI=0D
+X509CompareDateTime (=0D
+ IN CONST VOID *DateTime1,=0D
+ IN CONST VOID *DateTime2=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return -3;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the Key Usage from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509 certifi=
cate.=0D
+ @param[in] CertSize Size of the X509 certificate in bytes.=
=0D
+ @param[out] Usage Key Usage (CRYPTO_X509_KU_*)=0D
+=0D
+ @retval TRUE The certificate Key Usage retrieved successfully.=0D
+ @retval FALSE Invalid certificate, or Usage is NULL=0D
+ @retval FALSE This interface is not supported.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetKeyUsage (=0D
+ IN CONST UINT8 *Cert,=0D
+ IN UINTN CertSize,=0D
+ OUT UINTN *Usage=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Verify one X509 certificate was issued by the trusted CA.=0D
+ @param[in] RootCert Trusted Root Certificate buffer=0D
+=0D
+ @param[in] RootCertLength Trusted Root Certificate buffer length=
=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @retval TRUE All cerificates was issued by the first certificate in X=
509Certchain.=0D
+ @retval FALSE Invalid certificate or the certificate was not issued by=
the given=0D
+ trusted CA.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509VerifyCertChain (=0D
+ IN CONST UINT8 *RootCert,=0D
+ IN UINTN RootCertLength,=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Get one X509 certificate from CertChain.=0D
+=0D
+ @param[in] CertChain One or more ASN.1 DER-encoded X.509 ce=
rtificates=0D
+ where the first certificate is signed =
by the Root=0D
+ Certificate or is the Root Cerificate =
itself. and=0D
+ subsequent cerificate is signed by the=
preceding=0D
+ cerificate.=0D
+ @param[in] CertChainLength Total length of the certificate chain,=
in bytes.=0D
+=0D
+ @param[in] CertIndex Index of certificate.=0D
+=0D
+ @param[out] Cert The certificate at the index of CertCh=
ain.=0D
+ @param[out] CertLength The length certificate at the index of=
CertChain.=0D
+=0D
+ @retval TRUE Success.=0D
+ @retval FALSE Failed to get certificate from certificate chain.=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetCertFromCertChain (=0D
+ IN CONST UINT8 *CertChain,=0D
+ IN UINTN CertChainLength,=0D
+ IN CONST INT32 CertIndex,=0D
+ OUT CONST UINT8 **Cert,=0D
+ OUT UINTN *CertLength=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the tag and length of the tag.=0D
+=0D
+ @param Ptr The position in the ASN.1 data=0D
+ @param End End of data=0D
+ @param Length The variable that will receive the length=0D
+ @param Tag The expected tag=0D
+=0D
+ @retval TRUE Get tag successful=0D
+ @retval FALSe Failed to get tag or tag not match=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+Asn1GetTag (=0D
+ IN OUT UINT8 **Ptr,=0D
+ IN UINT8 *End,=0D
+ OUT UINTN *Length,=0D
+ IN UINT32 Tag=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
+=0D
+/**=0D
+ Retrieve the basic constraints from one X.509 certificate.=0D
+=0D
+ @param[in] Cert Pointer to the DER-encoded X509=
certificate.=0D
+ @param[in] CertSize size of the X509 certificate in=
bytes.=0D
+ @param[out] BasicConstraints basic constraints bytes.=0D
+ @param[in, out] BasicConstraintsSize basic constraints buffer sizs i=
n bytes.=0D
+=0D
+ @retval TRUE The basic constraints retrieve successf=
ully.=0D
+ @retval FALSE If cert is NULL.=0D
+ If cert_size is NULL.=0D
+ If basic_constraints is not NULL and *b=
asic_constraints_size is 0.=0D
+ If cert is invalid.=0D
+ @retval FALSE The required buffer size is small.=0D
+ The return buffer size is basic_constra=
ints_size parameter.=0D
+ @retval FALSE If no Extension entry match oid.=0D
+ @retval FALSE The operation is not supported.=0D
+ **/=0D
+BOOLEAN=0D
+EFIAPI=0D
+X509GetExtendedBasicConstraints (=0D
+ CONST UINT8 *Cert,=0D
+ UINTN CertSize,=0D
+ UINT8 *BasicConstraints,=0D
+ UINTN *BasicConstraintsSize=0D
+ )=0D
+{=0D
+ ASSERT (FALSE);=0D
+ return FALSE;=0D
+}=0D
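Review bot: The header comment of X509GetExtendedBasicConstraints at the end of this hunk does not describe the declared parameters: it says "If cert_size is NULL" although CertSize is a UINTN, and it refers to cert, basic_constraints and basic_constraints_size instead of the names in the prototype. The implementation added to CryptX509.c rejects `CertSize == 0` and `BasicConstraintsSize == NULL`, so the @retval FALSE lines should read `If CertSize is 0.` and `If BasicConstraintsSize is NULL.`, with the remaining names spelled as declared. The prototype is also the only one in this file without direction decorations; `IN CONST UINT8 *Cert`, `OUT UINT8 *BasicConstraints` and `IN OUT UINTN *BasicConstraintsSize` would match the other functions. The same comment and prototype appear in the BaseCryptLib copy in the previous hunk.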
--=20
2.26.2.windows.1
