From: "Guomin Jiang"
To: devel@edk2.groups.io
Cc: Jian J Wang, Xiaoyu Lu
Subject: [edk2-devel] [PATCH v2] CryptoPkg/Pkcs7: Extend support for other OID types
Date: Mon, 30 Mar 2020 15:25:19 +0800
Message-Id: <20200330072519.2108-1-guomin.jiang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539

Microsoft signtool supports creation of attached P7's with any OID payload via the "/p7co" parameter. It is necessary to check the data before getting the string.

Cc: Jian J Wang
Cc: Xiaoyu Lu
Signed-off-by: Guomin Jiang --- .../BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 59 ++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/Cry= ptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c index 313f459b11..d03e97d265 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c @@ -13,6 +13,63 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include =20 +/** + Check the contents of PKCS7 is not data. + + It is copied from PKCS7_type_is_other() in pk7_doit.c. + + @param p7 Pointer to the location which the PKCS7 is located at. + + @return int The content type. +**/ +static +int +Pkcs7TypeIsOther ( + PKCS7 *p7 + ) +{ + int isOthers =3D 1; + int nid =3D OBJ_obj2nid(p7->type); + + switch (nid) { + case NID_pkcs7_data: + case NID_pkcs7_signed: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_encrypted: + isOthers =3D 0; + break; + default: + isOthers =3D 1; + } + + return isOthers; +} + +/** + Get the ASN.1 string for the PKCS7. + + It is copied from PKCS7_get_octet_string() in pk7_doit.c. + @param p7 Pointer to the location which the PKCS7 is located at. + + @return ASN1_OCTET_STRING ASN.1 string. +**/ +static +ASN1_OCTET_STRING* +Pkcs7GetOctetString ( + PKCS7 *p7 + ) +{ + if (PKCS7_type_is_data(p7)) { + return p7->d.data; + } + if (Pkcs7TypeIsOther(p7) && p7->d.other && + (p7->d.other->type =3D=3D V_ASN1_OCTET_STRING)) { + return p7->d.other->value.octet_string; + } + return NULL; +} + /** Extracts the attached content from a PKCS#7 signed data if existed. The = input signed data could be wrapped in a ContentInfo structure. 
@@ -98,7 +155,7 @@ Pkcs7GetAttachedContent ( // // Retrieve the attached content in PKCS7 signedData // - OctStr =3D Pkcs7->d.sign->contents->d.data; + OctStr =3D Pkcs7GetOctetString (Pkcs7->d.sign->contents); if ((OctStr->length > 0) && (OctStr->data !=3D NULL)) { *ContentSize =3D OctStr->length; *Content =3D AllocatePool (*ContentSize); --=20 2.25.1.windows.1
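Review bot: In the first hunk (@@ -13,6 +13,63 @@), the header comment of Pkcs7TypeIsOther says "@return int The content type", but the function returns a 0/1 flag (isOthers), not a content type, and the brief "Check the contents of PKCS7 is not data" does not match the five NIDs the switch treats as not-other. Please document the return as a flag (non-zero when the type is none of data, signed, enveloped, signedAndEnveloped or encrypted) and consider returning a boolean type instead of int. The header of Pkcs7GetOctetString should likewise state that it returns NULL when the content is neither data nor an "other" type holding a V_ASN1_OCTET_STRING, since callers have to handle that case. Minor: the default case has no break, and the second comment block is missing the blank " + " line before @param that the first block has.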
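Review bot: In the second hunk (@@ -98,7 +155,7 @@, Pkcs7GetAttachedContent), the result of Pkcs7GetOctetString (Pkcs7->d.sign->contents) is dereferenced on the very next line in "if ((OctStr->length > 0) && (OctStr->data != NULL))" with no NULL check, yet the new helper ends with "return NULL;" for any content that is neither data nor an "other" type carrying an octet string. With the old direct read of d.data this path did not exist; with the patch, a signed blob whose content has an unexpected type leads to a NULL pointer dereference while parsing untrusted input. Please test OctStr for NULL immediately after the assignment and fail the call before reaching the length test. The commit message says the data must be checked before getting the string, so the check belongs here as well as in the helper.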