* [patch] SecurityPkg: Fix potential bug in Security Boot dxe. @ 2017-02-21 2:53 Zhang Lubo 2017-02-22 8:31 ` Zhang, Chao B 0 siblings, 1 reply; 3+ messages in thread From: Zhang Lubo @ 2017-02-21 2:53 UTC (permalink / raw) To: edk2-devel; +Cc: Chao Zhang, Long Qin, Yao Jiewen since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> --- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h index bea9470..58030c4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; #define WIN_CERT_UEFI_RSA2048_SIZE 256 // // Support hash types // -#define HASHALG_SHA224 0x00000001 -#define HASHALG_SHA256 0x00000002 -#define HASHALG_SHA384 0x00000003 -#define HASHALG_SHA512 0x00000004 -#define HASHALG_RAW 0x00000005 -#define HASHALG_MAX 0x00000005 +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 typedef struct { UINTN Signature; LIST_ENTRY Head; -- 1.9.5.msysgit.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [patch] SecurityPkg: Fix potential bug in Security Boot dxe. 2017-02-21 2:53 [patch] SecurityPkg: Fix potential bug in Security Boot dxe Zhang Lubo @ 2017-02-22 8:31 ` Zhang, Chao B 2017-02-22 8:39 ` Zhang, Lubo 0 siblings, 1 reply; 3+ messages in thread From: Zhang, Chao B @ 2017-02-22 8:31 UTC (permalink / raw) To: Zhang, Lubo, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Long, Qin Lubo: If you change HASH algo definition, please also update SecureBootConfig.vfr accordingly. Or you may keep SHA1 algo definition & keep RAW & MAX unchanged -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang Lubo Sent: Tuesday, February 21, 2017 10:53 AM To: edk2-devel@lists.01.org Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>; Long, Qin <qin.long@intel.com> Subject: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe. since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> --- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h index bea9470..58030c4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.h @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; #define WIN_CERT_UEFI_RSA2048_SIZE 256 // // Support hash types // -#define HASHALG_SHA224 0x00000001 -#define HASHALG_SHA256 0x00000002 -#define HASHALG_SHA384 0x00000003 -#define HASHALG_SHA512 0x00000004 -#define HASHALG_RAW 0x00000005 -#define HASHALG_MAX 0x00000005 +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 typedef struct { UINTN Signature; LIST_ENTRY Head; -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [patch] SecurityPkg: Fix potential bug in Security Boot dxe. 2017-02-22 8:31 ` Zhang, Chao B @ 2017-02-22 8:39 ` Zhang, Lubo 0 siblings, 0 replies; 3+ messages in thread From: Zhang, Lubo @ 2017-02-22 8:39 UTC (permalink / raw) To: Zhang, Chao B, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Long, Qin Thanks , I will update the HASH value definition in VFR to keep them consistent with macro definition . > -----Original Message----- > From: Zhang, Chao B > Sent: Wednesday, February 22, 2017 4:31 PM > To: Zhang, Lubo <lubo.zhang@intel.com>; edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Long, Qin <qin.long@intel.com> > Subject: RE: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe. > > Lubo: > If you change HASH algo definition, please also update SecureBootConfig.vfr > accordingly. > Or you may keep SHA1 algo definition & keep RAW & MAX unchanged > > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang > Lubo > Sent: Tuesday, February 21, 2017 10:53 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B > <chao.b.zhang@intel.com>; Long, Qin <qin.long@intel.com> > Subject: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe. > > since we removed the sha-1 definition in Hash table and related macro, but the > macro definition HashAlg index may be value 4 which is exceed the range of the > Hash table array. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Long Qin <qin.long@intel.com> > Cc: Yao Jiewen <jiewen.yao@intel.com> > --- > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI > mpl.h > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI > mpl.h > index bea9470..58030c4 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI > mpl.h > +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigImpl.h > @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; > #define WIN_CERT_UEFI_RSA2048_SIZE 256 > > // > // Support hash types > // > -#define HASHALG_SHA224 0x00000001 > -#define HASHALG_SHA256 0x00000002 > -#define HASHALG_SHA384 0x00000003 > -#define HASHALG_SHA512 0x00000004 > -#define HASHALG_RAW 0x00000005 > -#define HASHALG_MAX 0x00000005 > +#define HASHALG_SHA224 0x00000000 > +#define HASHALG_SHA256 0x00000001 > +#define HASHALG_SHA384 0x00000002 > +#define HASHALG_SHA512 0x00000003 > +#define HASHALG_RAW 0x00000004 > +#define HASHALG_MAX 0x00000004 > > > typedef struct { > UINTN Signature; > LIST_ENTRY Head; > -- > 1.9.5.msysgit.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-02-22 8:39 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-02-21 2:53 [patch] SecurityPkg: Fix potential bug in Security Boot dxe Zhang Lubo 2017-02-22 8:31 ` Zhang, Chao B 2017-02-22 8:39 ` Zhang, Lubo
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox