The best way to create signed certificate request and verify certificate from UEFI

I'm trying to create signed certificate request from C code in UEFI (I use edk2).

I know how to do it using openssl in Linux C code. I know there is CryptoPkg in edk2. But I didn't find functions to create request and check certificate.

Is there any way to create X509_REQ and check X509 certificate using CryptoPkg? And how can I do it?

In the case if I can't do it: How can I create create request and check certificate? What is the best way to create my own openssl wrapper?

Solution

Okay. I figured out that the best way for me is create my own wrapper in CryptoPkg. So I created library in CryptoPkg\Library\MyCryptLib according to CryptoPkg\Library\BaseCryptLib, copy enviroment header and library paths to link.

So I've got openssl wrapper that I can expand and use

Failed to enumerate slots in pkcs#11
How to extract the signature value from a certificate in PHP
I want to change the values of P and G for diffiehellman in openssl
Why rust is failing to build command for openssl-sys v0.9.60 even after local installation?
SSL error unsafe legacy renegotiation disabled
openssl/ssl.h not found but installed with homebrew
Homebrew refusing to link OpenSSL
Unknown binaryTarget debian-openssl-3.0.x and no custom binaries were provided error Command failed with exit code 1
I don’t understand what is causing dll creation
Building Python with SSL support in non-standard location
How to fix fatal error C1083 and LNK1104 on windows while building openssl 3 using conan?
ITMS-91065: Missing Signature in Privacy Impacting SDK
Openssl can't compile when compiling for ARM, otherwise works fine
Make OpenSSL accept expired certificates
Generate sha256 with OpenSSL and C++
libssl.so.1.1: cannot open shared object file: No such file or directory
Node.js ERR_OSSL_EVP_UNSUPPORTED error when running npm run start
What causes keytool error "Failed to decrypt safe contents entry"?
Why Am I Getting Different Cipher Outputs Between Node.js and PHP When Reading Large Files by Chunks?
Ruby 2.7.4 & 3.0.0 fails on macOS Big Sur (11.2.3): undeclared identifier RSA_SSLV23_PADDING
How can I connect a C# SSLStream client to an OpenSSL server?
Gracefully Shutdown TLS connection in C OpenSSL
PHP openssl_pkcs12_read "error:0308010C:digital envelope routines::unsupported"
Why does smaller blocksize lead to slower throughput for AES encryption?
openssl_pkey_get_details($res) returns no public exponent
dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
Creating PKCS#12 keystore with multiple certificates using OpenSSL 1.0.0a
How to establish TLS session in python using PKCS11
how to create CSR in PHP?
Convert pem key to ssh-rsa format