diff --git a/Cryptlib/Pk/CryptAuthenticode.c.bak b/Cryptlib/Pk/CryptAuthenticode.c.bak
deleted file mode 100644
index a1f8c58..0000000
--- a/Cryptlib/Pk/CryptAuthenticode.c.bak
+++ /dev/null
@@ -1,151 +0,0 @@
-/** @file
- Authenticode Portable Executable Signature Verification over OpenSSL.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-
-/**
- Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
- Authenticode Portable Executable Signature Format".
-
- If AuthData is NULL, then return FALSE.
- If ImageHash is NULL, then return FALSE.
-
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
- PE/COFF image to be verified.
- @param[in] DataSize Size of the Authenticode Signature in bytes.
- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
- is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
- @param[in] ImageHash Pointer to the original image file hash value. The procudure
- for calculating the image hash value is described in Authenticode
- specification.
- @param[in] HashSize Size of Image hash value in bytes.
-
- @retval TRUE The specified Authenticode Signature is valid.
- @retval FALSE Invalid Authenticode Signature.
-
-**/
-BOOLEAN
-EFIAPI
-AuthenticodeVerify (
- IN CONST UINT8 *AuthData,
- IN UINTN DataSize,
- IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
- IN CONST UINT8 *ImageHash,
- IN UINTN HashSize
- )
-{
- BOOLEAN Status;
- PKCS7 *Pkcs7;
- CONST UINT8 *OrigAuthData;
- UINT8 *SpcIndirectDataContent;
- UINT8 Asn1Byte;
- UINTN ContentSize;
-
- //
- // Check input parameters.
- //
- if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
- return FALSE;
- }
-
- if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
- return FALSE;
- }
-
- Status = FALSE;
- Pkcs7 = NULL;
- OrigAuthData = AuthData;
-
- //
- // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
- //
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
- if (Pkcs7 == NULL) {
- goto _Exit;
- }
-
- //
- // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
- //
- if (!PKCS7_type_is_signed (Pkcs7)) {
- goto _Exit;
- }
-
- //
- // NOTE: OpenSSL PKCS7 Decoder didn't work for Authenticode-format signed data due to
- // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
- // PKCS#7 ContentInfo here.
- //
- SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
-
- //
- // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
- //
- Asn1Byte = *(SpcIndirectDataContent + 1);
-
- if ((Asn1Byte & 0x80) == 0) {
- //
- // Short Form of Length Encoding
- //
- ContentSize = (UINTN) (Asn1Byte & 0x7F);
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 2;
- } else if ((Asn1Byte & 0x82) == 0x82) {
- //
- // Long Form of Length Encoding, only support two bytes.
- //
- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 4;
- } else {
- goto _Exit;
- }
-
- //
- // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent
- // defined in Authenticode
- // NOTE: Need to double-check HashLength here!
- //
- if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) {
- //
- // Un-matched PE/COFF Hash Value
- //
- goto _Exit;
- }
-
- //
- // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
- //
- Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
-
-_Exit:
- //
- // Release Resources
- //
- PKCS7_free (Pkcs7);
-
- return Status;
-}
diff --git a/Cryptlib/Pk/CryptAuthenticode.c.bak~ b/Cryptlib/Pk/CryptAuthenticode.c.bak~
deleted file mode 100644
index 849dfb0..0000000
--- a/Cryptlib/Pk/CryptAuthenticode.c.bak~
+++ /dev/null
@@ -1,153 +0,0 @@
-/** @file
- Authenticode Portable Executable Signature Verification over OpenSSL.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-
-/**
- Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
- Authenticode Portable Executable Signature Format".
-
- If AuthData is NULL, then return FALSE.
- If ImageHash is NULL, then return FALSE.
-
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
- PE/COFF image to be verified.
- @param[in] DataSize Size of the Authenticode Signature in bytes.
- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
- is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
- @param[in] ImageHash Pointer to the original image file hash value. The procudure
- for calculating the image hash value is described in Authenticode
- specification.
- @param[in] HashSize Size of Image hash value in bytes.
-
- @retval TRUE The specified Authenticode Signature is valid.
- @retval FALSE Invalid Authenticode Signature.
-
-**/
-BOOLEAN
-EFIAPI
-AuthenticodeVerify (
- IN CONST UINT8 *AuthData,
- IN UINTN DataSize,
- IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
- IN CONST UINT8 *ImageHash,
- IN UINTN HashSize
- )
-{
- BOOLEAN Status;
- PKCS7 *Pkcs7;
- CONST UINT8 *OrigAuthData;
- UINT8 *SpcIndirectDataContent;
- UINT8 Asn1Byte;
- UINTN ContentSize;
-
- //
- // Check input parameters.
- //
- if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
- return FALSE;
- }
-
- if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
- return FALSE;
- }
-
- Status = FALSE;
- Pkcs7 = NULL;
- OrigAuthData = AuthData;
-
- Print(L"1\n");
-
- //
- // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
- //
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
- if (Pkcs7 == NULL) {
- goto _Exit;
- }
-
- //
- // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
- //
- if (!PKCS7_type_is_signed (Pkcs7)) {
- goto _Exit;
- }
-
- //
- // NOTE: OpenSSL PKCS7 Decoder didn't work for Authenticode-format signed data due to
- // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
- // PKCS#7 ContentInfo here.
- //
- SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
-
- //
- // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
- //
- Asn1Byte = *(SpcIndirectDataContent + 1);
-
- if ((Asn1Byte & 0x80) == 0) {
- //
- // Short Form of Length Encoding
- //
- ContentSize = (UINTN) (Asn1Byte & 0x7F);
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 2;
- } else if ((Asn1Byte & 0x82) == 0x82) {
- //
- // Long Form of Length Encoding, only support two bytes.
- //
- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 4;
- } else {
- goto _Exit;
- }
-
- //
- // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent
- // defined in Authenticode
- // NOTE: Need to double-check HashLength here!
- //
- if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) {
- //
- // Un-matched PE/COFF Hash Value
- //
- goto _Exit;
- }
-
- //
- // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
- //
- Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
-
-_Exit:
- //
- // Release Resources
- //
- PKCS7_free (Pkcs7);
-
- return Status;
-}
diff --git a/Cryptlib/Pk/CryptAuthenticode.c~ b/Cryptlib/Pk/CryptAuthenticode.c~
deleted file mode 100644
index a1f8c58..0000000
--- a/Cryptlib/Pk/CryptAuthenticode.c~
+++ /dev/null
@@ -1,151 +0,0 @@
-/** @file
- Authenticode Portable Executable Signature Verification over OpenSSL.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalCryptLib.h"
-
-#include
-#include
-#include
-
-
-/**
- Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows
- Authenticode Portable Executable Signature Format".
-
- If AuthData is NULL, then return FALSE.
- If ImageHash is NULL, then return FALSE.
-
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed
- PE/COFF image to be verified.
- @param[in] DataSize Size of the Authenticode Signature in bytes.
- @param[in] TrustedCert Pointer to a trusted/root certificate encoded in DER, which
- is used for certificate chain verification.
- @param[in] CertSize Size of the trusted certificate in bytes.
- @param[in] ImageHash Pointer to the original image file hash value. The procudure
- for calculating the image hash value is described in Authenticode
- specification.
- @param[in] HashSize Size of Image hash value in bytes.
-
- @retval TRUE The specified Authenticode Signature is valid.
- @retval FALSE Invalid Authenticode Signature.
-
-**/
-BOOLEAN
-EFIAPI
-AuthenticodeVerify (
- IN CONST UINT8 *AuthData,
- IN UINTN DataSize,
- IN CONST UINT8 *TrustedCert,
- IN UINTN CertSize,
- IN CONST UINT8 *ImageHash,
- IN UINTN HashSize
- )
-{
- BOOLEAN Status;
- PKCS7 *Pkcs7;
- CONST UINT8 *OrigAuthData;
- UINT8 *SpcIndirectDataContent;
- UINT8 Asn1Byte;
- UINTN ContentSize;
-
- //
- // Check input parameters.
- //
- if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
- return FALSE;
- }
-
- if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
- return FALSE;
- }
-
- Status = FALSE;
- Pkcs7 = NULL;
- OrigAuthData = AuthData;
-
- //
- // Retrieve & Parse PKCS#7 Data (DER encoding) from Authenticode Signature
- //
- Pkcs7 = d2i_PKCS7 (NULL, &AuthData, (int)DataSize);
- if (Pkcs7 == NULL) {
- goto _Exit;
- }
-
- //
- // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
- //
- if (!PKCS7_type_is_signed (Pkcs7)) {
- goto _Exit;
- }
-
- //
- // NOTE: OpenSSL PKCS7 Decoder didn't work for Authenticode-format signed data due to
- // some authenticode-specific structure. Use opaque ASN.1 string to retrieve
- // PKCS#7 ContentInfo here.
- //
- SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);
-
- //
- // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
- //
- Asn1Byte = *(SpcIndirectDataContent + 1);
-
- if ((Asn1Byte & 0x80) == 0) {
- //
- // Short Form of Length Encoding
- //
- ContentSize = (UINTN) (Asn1Byte & 0x7F);
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 2;
- } else if ((Asn1Byte & 0x82) == 0x82) {
- //
- // Long Form of Length Encoding, only support two bytes.
- //
- ContentSize = (UINTN) (*(SpcIndirectDataContent + 2));
- ContentSize = (ContentSize << 8) + (UINTN)(*(SpcIndirectDataContent + 3));
- //
- // Skip the SEQUENCE Tag;
- //
- SpcIndirectDataContent += 4;
- } else {
- goto _Exit;
- }
-
- //
- // Compare the original file hash value to the digest retrieve from SpcIndirectDataContent
- // defined in Authenticode
- // NOTE: Need to double-check HashLength here!
- //
- if (CompareMem (SpcIndirectDataContent + ContentSize - HashSize, ImageHash, HashSize) != 0) {
- //
- // Un-matched PE/COFF Hash Value
- //
- goto _Exit;
- }
-
- //
- // Verifies the PKCS#7 Signed Data in PE/COFF Authenticode Signature
- //
- Status = (BOOLEAN) Pkcs7Verify (OrigAuthData, DataSize, TrustedCert, CertSize, SpcIndirectDataContent, ContentSize);
-
-_Exit:
- //
- // Release Resources
- //
- PKCS7_free (Pkcs7);
-
- return Status;
-}