From: "GuoMinJ"
To: devel@edk2.groups.io
Cc: GuoMinJ
Subject: [edk2-devel] [PATCH] CryptoPkg: Check the type is data and Support other OID types.
Date: Wed, 26 Feb 2020 10:23:51 +0800
Message-Id: <2d4611c789992e70a35bef9715ad14af4c4e5efd.1582683815.git.newexplorerj@gmail.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539

Microsoft signtool supports creation of attached P7's with any OID payload via the "/p7co" parameter. It is necessary to check the data before getting the string.

Signed-off-by: GuoMinJ
---
 .../BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 51 ++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/Cry= ptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c index 313f459b11..d437e52e1f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c @@ -13,6 +13,53 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include =20 +/** + Check the contents of PKCS7 is not data. + + @param p7 Pointer to the location which the PKCS7 is located at. + + @return int The content type. +**/ +static int PKCS7_type_is_other(PKCS7 *p7) +{ + int isOther =3D 1; + + int nid =3D OBJ_obj2nid(p7->type); + + switch (nid) { + case NID_pkcs7_data: + case NID_pkcs7_signed: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_digest: + case NID_pkcs7_encrypted: + isOther =3D 0; + break; + default: + isOther =3D 1; + } + + return isOther; + +} + +/** + Get the ASN.1 string for the PKCS7. + + @param p7 Pointer to the location which the PKCS7 is located at. + + @return ASN1_OCTET_STRING ASN.1 string. +**/ +static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) +{ + if (PKCS7_type_is_data(p7)) + return p7->d.data; + if (PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type =3D=3D V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; +} + /** Extracts the attached content from a PKCS#7 signed data if existed. The = input signed data could be wrapped in a ContentInfo structure. 
@@ -98,7 +145,9 @@ Pkcs7GetAttachedContent ( // // Retrieve the attached content in PKCS7 signedData // - OctStr =3D Pkcs7->d.sign->contents->d.data; + OctStr =3D PKCS7_get_octet_string(Pkcs7->d.sign->contents); + DEBUG ((DEBUG_INFO, "OctStr->Type: %x\n", OctStr->type)); + DEBUG ((DEBUG_INFO, "OctStr->Length: %x\n", OctStr->length)); if ((OctStr->length > 0) && (OctStr->data !=3D NULL)) { *ContentSize =3D OctStr->length; *Content =3D AllocatePool (*ContentSize); --=20 2.17.1
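
Review bot: In the first hunk (@@ -13,6 +13,53 @@) the header comment on PKCS7_type_is_other does not match the function: it says "Check the contents of PKCS7 is not data" and "@return int The content type", but the body returns 1 when the NID is none of the six listed NID_pkcs7_* values and 0 otherwise, so it is a yes/no answer, not the content type. Please reword the description and the @return to say that. The @return of PKCS7_get_octet_string should likewise state that NULL is returned when the content is neither data nor an other-type value holding a V_ASN1_OCTET_STRING, because the caller has to handle that case. Smaller points: isOther is already initialised to 1, so the default branch is redundant and can go (or keep it and drop the initialiser), and the "static int" lower-case naming and unbraced if statements differ from the "Pkcs7GetAttachedContent (" style visible in the context of the same file.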
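
Review bot: In the second hunk (@@ -98,7 +145,9 @@, Pkcs7GetAttachedContent) OctStr is dereferenced without a NULL check, although the new PKCS7_get_octet_string() ends in "return NULL" for content that is neither data nor an other-type OCTET STRING. The two added DEBUG lines read OctStr->type and OctStr->length, and the existing "if ((OctStr->length > 0) && (OctStr->data != NULL))" reads OctStr->length, so a signed blob whose content takes that path leads to a NULL pointer dereference while parsing input that is not yet verified. Please test OctStr against NULL right after the call, before the DEBUG lines, and take the function's failure path in that case. Also consider dropping the two DEBUG_INFO prints or moving them behind that check; they look like bring-up tracing rather than something the final change needs.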