From: "Yao, Jiewen"
To: "Wang, Jian J", "devel@edk2.groups.io"
CC: "Zhang, Chao B"
Subject: Re: [PATCH v2 10/10] SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase name(CVE-2019-14575)
Date: Fri, 14 Feb 2020 07:46:12 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F92F8D5@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <20200214072745.1570-11-jian.j.wang@intel.com>

Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Wang, Jian J
> Sent: Friday, February 14, 2020 3:28 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Zhang, Chao B
> Subject: [PATCH v2 10/10] SecurityPkg/DxeImageVerificationLib: change
> IsCertHashFoundInDatabase name(CVE-2019-14575)
>
> IsCertHashFoundInDatabase() is actually used only for searching dbx,
> according to the function logic, its comments and its use cases. Changing
> it to IsCertHashFoundInDbx to avoid confusion.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Signed-off-by: Jian J Wang
> ---
> .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git
> a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
> index 0e1587bc3c..b7fa8ea8c5 100644
> --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > @@ -829,7 +829,7 @@ AddImageExeInfo ( >=20 >=20 > **/ >=20 > EFI_STATUS >=20 > -IsCertHashFoundInDatabase ( >=20 > +IsCertHashFoundInDbx ( >=20 > IN UINT8 *Certificate, >=20 > IN UINTN CertSize, >=20 > IN EFI_SIGNATURE_LIST *SignatureList, >=20 > @@ -1362,7 +1362,7 @@ IsForbiddenByDbx ( > // >=20 > CertPtr =3D CertPtr + sizeof (UINT32) + CertSize; >=20 >=20 >=20 > - Status =3D IsCertHashFoundInDatabase (Cert, CertSize, (EFI_SIGNATURE= _LIST > *)Data, DataSize, &RevocationTime, &IsFound); >=20 > + Status =3D IsCertHashFoundInDbx (Cert, CertSize, (EFI_SIGNATURE_LIST= *)Data, > DataSize, &RevocationTime, &IsFound); >=20 > if (EFI_ERROR (Status)) { >=20 > // >=20 > // Error in searching dbx. Consider it as 'found'. RevocationTime = might >=20 > @@ -1528,7 +1528,7 @@ IsAllowedByDb ( > // >=20 > // Here We still need to check if this RootCert's Hash is re= voked >=20 > // >=20 > - Status =3D IsCertHashFoundInDatabase (RootCert, RootCertSize= , > (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound); >=20 > + Status =3D IsCertHashFoundInDbx (RootCert, RootCertSize, > (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound); >=20 > if (EFI_ERROR (Status)) { >=20 > // >=20 > // Error in searching dbx. Consider it as 'found'. Revocat= ionTime might >=20 > -- > 2.24.0.windows.2
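Review bot: In the first hunk (@@ -829), the renamed definition `IsCertHashFoundInDbx (` sits under a bare `EFI_STATUS` with no STATIC qualifier in the visible lines, so the old symbol may have been reachable from outside this file. The diffstat covers only DxeImageVerificationLib.c (one definition, two call sites); please confirm that a tree-wide search finds no remaining `IsCertHashFoundInDatabase` references, and that the header comment ending at `**/`, which this hunk does not show, needs no matching update.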
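Review bot: In the IsForbiddenByDbx hunk (@@ -1362), the renamed call still passes six arguments on one line, long enough that the mailer wrapped it; since the line is being touched anyway, consider breaking the arguments one per line, and the same applies to the call in the IsAllowedByDb hunk (@@ -1528). The context comment "Error in searching dbx. Consider it as 'found'." indicates the error path is untouched by the rename; given the CVE tag in the subject, it would help to state in the commit message that this patch makes no functional change.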