From: "Xiaoyu Lu"
To: "Jiang, Guomin", "devel@edk2.groups.io"
CC: "Wang, Jian J"
Subject: Re: [PATCH v2] CryptoPkg/Pkcs7: Extend support for other OID types
Date: Thu, 9 Apr 2020 12:29:40 +0000
Message-ID: <83f21ca0425f46dda7107d1f6176717c@intel.com>
References: <20200330072519.2108-1-guomin.jiang@intel.com>
In-Reply-To: <20200330072519.2108-1-guomin.jiang@intel.com>

Guomin,

> -----Original Message-----
> From: Jiang, Guomin
> Sent: Monday, March 30, 2020 3:25 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX
> Subject: [PATCH v2] CryptoPkg/Pkcs7: Extend support for other OID types
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539
>
> Microsoft signtool supports creation of attached P7's with any OID payload
> via the "/p7co" parameter. It is necessary to check the data before getting
> the string.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Signed-off-by: Guomin Jiang
> ---
> .../BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 59 ++++++++++++++++++-
> 1 file changed, 58 insertions(+), 1 deletion(-)
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c > index 313f459b11..d03e97d265 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
> @@ -13,6 +13,63 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 > #include >=20 >=20 >=20 > +/** >=20 > + Check the contents of PKCS7 is not data. >=20 > + >=20 > + It is copied from PKCS7_type_is_other() in pk7_doit.c. >=20 > + >=20 > + @param p7 Pointer to the location which the PKCS7 is located at. >=20 > + >=20 > + @return int The content type. >=20 > +**/ >=20 > +static >=20 > +int >=20 > +Pkcs7TypeIsOther ( >=20 > + PKCS7 *p7 >=20 > + ) >=20 > +{ >=20 > + int isOthers =3D 1; >=20 > + int nid =3D OBJ_obj2nid(p7->type); >=20 > + >=20 > + switch (nid) { >=20 > + case NID_pkcs7_data: >=20 > + case NID_pkcs7_signed: >=20 > + case NID_pkcs7_enveloped: >=20 > + case NID_pkcs7_signedAndEnveloped: >=20 > + case NID_pkcs7_encrypted: >=20 > + isOthers =3D 0; >=20 > + break; >=20 > + default: >=20 > + isOthers =3D 1; >=20 > + } >=20 > + >=20 > + return isOthers; >=20 > +} >=20 > + >=20 > +/** >=20 > + Get the ASN.1 string for the PKCS7. >=20 > + >=20 > + It is copied from PKCS7_get_octet_string() in pk7_doit.c. >=20 > + @param p7 Pointer to the location which the PKCS7 is located at. >=20 > + >=20 > + @return ASN1_OCTET_STRING ASN.1 string. >=20 > +**/ >=20 > +static >=20 > +ASN1_OCTET_STRING* >=20 > +Pkcs7GetOctetString ( >=20 > + PKCS7 *p7 >=20 > + ) >=20 > +{ >=20 > + if (PKCS7_type_is_data(p7)) { >=20 > + return p7->d.data; >=20 > + } >=20 > + if (Pkcs7TypeIsOther(p7) && p7->d.other && >=20 > + (p7->d.other->type =3D=3D V_ASN1_OCTET_STRING)) { >=20 > + return p7->d.other->value.octet_string; >=20 > + } >=20 > + return NULL; >=20 > +} >=20 > + >=20 > /** >=20 > Extracts the attached content from a PKCS#7 signed data if existed. Th= e > input signed >=20 > data could be wrapped in a ContentInfo structure. >=20 
> @@ -98,7 +155,7 @@ Pkcs7GetAttachedContent ( > // >=20 > // Retrieve the attached content in PKCS7 signedData >=20 > // >=20 > - OctStr =3D Pkcs7->d.sign->contents->d.data; >=20 > + OctStr =3D Pkcs7GetOctetString (Pkcs7->d.sign->contents); >=20

Is it possible for Pkcs7GetOctetString to return NULL? If so, you should check the return value.

> if ((OctStr->length > 0) && (OctStr->data !=3D NULL)) { >=20 > *ContentSize =3D OctStr->length; >=20 > *Content =3D AllocatePool (*ContentSize); >=20 > -- > 2.25.1.windows.1
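
Review bot: In the first hunk (@@ -13,6 +13,63 @@), the header comment of Pkcs7TypeIsOther does not match what the function returns: "@return int The content type" describes a type, but the body returns a flag, 0 for NID_pkcs7_data, NID_pkcs7_signed, NID_pkcs7_enveloped, NID_pkcs7_signedAndEnveloped and NID_pkcs7_encrypted and 1 for everything else. Please document it as a flag and reword the summary, since "is not data" is narrower than the five types the switch excludes. The `default:` branch only re-assigns the value isOthers was initialized with, so one of the two can go. The comment on Pkcs7GetOctetString should also state that NULL is returned when the content is neither data nor an "other" type holding a V_ASN1_OCTET_STRING, because every caller has to handle that case; a blank comment line is also missing before its @param.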
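
Review bot: In the second hunk (@@ -98,7 +155,7 @@, Pkcs7GetAttachedContent), OctStr is dereferenced by `if ((OctStr->length > 0) && (OctStr->data != NULL))` immediately after being assigned from Pkcs7GetOctetString, and that helper ends in `return NULL;`. The old expression `Pkcs7->d.sign->contents->d.data` was a plain member read; the new call adds a NULL result for signed data whose content is of another type but is not an OCTET STRING, which is exactly the kind of input the patch sets out to accept. Add an `OctStr == NULL` test before the length check and fail the call on that path, so that an unsupported content type is rejected instead of causing a NULL dereference.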