From: "GuoMinJ"
To: devel@edk2.groups.io
Cc: GuoMinJ
Subject: [PATCH] CryptoPkg: Check the type is data and Support other OID types.
Date: Wed, 26 Feb 2020 10:23:51 +0800
Message-Id: <2d4611c789992e70a35bef9715ad14af4c4e5efd.1582683815.git.newexplorerj@gmail.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539

Microsoft signtool supports creation of attached P7's with any OID payload via the "/p7co" parameter. It is necessary to check the data before getting the string.

Signed-off-by: GuoMinJ
--- .../BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 51 ++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c index 313f459b11..d437e52e1f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
@@ -13,6 +13,53 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +/** + Check the contents of PKCS7 is not data. + + @param p7 Pointer to the location which the PKCS7 is located at. + + @return int The content type. +**/ +static int PKCS7_type_is_other(PKCS7 *p7) +{ + int isOther = 1; + + int nid = OBJ_obj2nid(p7->type); + + switch (nid) { + case NID_pkcs7_data: + case NID_pkcs7_signed: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_digest: + case NID_pkcs7_encrypted: + isOther = 0; + break; + default: + isOther = 1; + } + + return isOther; + +} + +/** + Get the ASN.1 string for the PKCS7. + + @param p7 Pointer to the location which the PKCS7 is located at. + + @return ASN1_OCTET_STRING ASN.1 string. +**/ +static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) +{ + if (PKCS7_type_is_data(p7)) + return p7->d.data; + if (PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; +} + /** Extracts the attached content from a PKCS#7 signed data if existed. The input signed data could be wrapped in a ContentInfo structure. @@ -98,7 +145,9 @@ Pkcs7GetAttachedContent ( // // Retrieve the attached content in PKCS7 signedData // - OctStr = Pkcs7->d.sign->contents->d.data; + OctStr = PKCS7_get_octet_string(Pkcs7->d.sign->contents); + DEBUG ((DEBUG_INFO, "OctStr->Type: %x\n", OctStr->type)); + DEBUG ((DEBUG_INFO, "OctStr->Length: %x\n", OctStr->length)); if ((OctStr->length > 0) && (OctStr->data != NULL)) { *ContentSize = OctStr->length; *Content = AllocatePool (*ContentSize); -- 2.17.1
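
Review bot: In the first hunk (@@ -13,6 +13,53 @@), the header comment on PKCS7_type_is_other says "@return int The content type", but the function returns a flag: 0 for the six NIDs listed in the switch and 1 for anything else. The summary "Check the contents of PKCS7 is not data" is also narrower than the switch, which treats signed, enveloped, signedAndEnveloped, digest and encrypted as not-other as well. Please reword the comment to state the 0/1 meaning, and document on PKCS7_get_octet_string that it returns NULL when the content is neither data nor an other-type whose value is a V_ASN1_OCTET_STRING, because every caller has to handle that case. Minor: with "int isOther = 1;" as the initializer the default branch is redundant, and the lowercase p7/isOther naming differs from the OctStr/ContentSize style used in the surrounding function.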
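
Review bot: In the second hunk (@@ -98,7 +145,9 @@), OctStr is dereferenced without a NULL check. PKCS7_get_octet_string ends in "return NULL;" for content that is neither data nor an other-type holding a V_ASN1_OCTET_STRING, and the two added DEBUG lines read OctStr->type and OctStr->length immediately after the call, ahead of the existing "if ((OctStr->length > 0) && (OctStr->data != NULL))". Since the point of the patch is to accept payloads with arbitrary OIDs from signed input, that NULL path is reachable from the data being verified. Add an "if (OctStr == NULL)" test right after the assignment that fails the call, and move the DEBUG lines below it. The two DEBUG_INFO prints also read like development tracing; consider dropping them or lowering them to a verbose level.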