From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com; envelope-from=ting.ye@intel.com; receiver=edk2-devel@lists.01.org Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 58C50211B85E5 for ; Tue, 29 Jan 2019 16:03:26 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Jan 2019 16:03:25 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,538,1539673200"; d="scan'208";a="142535449" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by fmsmga001.fm.intel.com with ESMTP; 29 Jan 2019 16:03:25 -0800 Received: from fmsmsx123.amr.corp.intel.com (10.18.125.38) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 29 Jan 2019 16:03:25 -0800 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx123.amr.corp.intel.com (10.18.125.38) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 29 Jan 2019 16:03:24 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.194]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.172]) with mapi id 14.03.0415.000; Wed, 30 Jan 2019 08:03:22 +0800 From: "Ye, Ting" To: "Wang, Jian J" , "edk2-devel@lists.01.org" CC: "Long, Qin" Thread-Topic: [edk2] [PATCH] CryptoPkg/BaseCryptLib: split CryptPkcs7Verify.c on behalf of runtime Thread-Index: AQHUtuTcuWU/QiL9Gk2KgiP8aqOxJqXG8Ifw Date: Wed, 30 Jan 2019 00:03:22 +0000 Message-ID: References: <20190128083820.21392-1-jian.j.wang@intel.com> In-Reply-To: <20190128083820.21392-1-jian.j.wang@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMmIwYTdmYTMtNzA4NC00ODFiLTgxZmYtYjAyZmMwMGNmYjc5IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiMVFZd0ZUWUtYaVB4bkJJN1V3azNGaFlHdzF2RDVzckJGcWR4SGtVYzVTN25cL3FyRkRCaUlISlVaZ2Z0SXFvZlMifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] CryptoPkg/BaseCryptLib: split CryptPkcs7Verify.c on behalf of runtime X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jan 2019 00:03:26 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Looks good to me. Reviewed-by: Ye Ting =20 -----Original Message----- From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jian= J Wang Sent: Monday, January 28, 2019 4:38 PM To: edk2-devel@lists.01.org Cc: Ye, Ting ; Long, Qin Subject: [edk2] [PATCH] CryptoPkg/BaseCryptLib: split CryptPkcs7Verify.c on= behalf of runtime REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1493 Pkcs7GetAttachedContent() implementation in current CryptPkcs7Verify.c is a= ctually shared by RuntimeCryptLib.inf, SmmCryptLib.inf and BaseCryptLib.inf= , which are not correct since there's no use scenario for runtime and Alloc= atePool() used in this method can only be called in boot time. This patch fix this issue by splitting file CryptPkcs7Verify.c into 3 parts= . CryptPkcs7VerifyCommon.c (shared among Base, SMM, Runtime) CryptPkcs7VerifyBase.c (shared between Base, SMM) CryptPkcs7VerifyRuntime.c (for Runtime only) CryptPkcs7VerifyBase.c will have original implementation of Pkcs7GetAttachedContent() as CryptPkcs7Verify.c. CryptPkcs7VerifyRuntime.c = provide a NULL version of Pkcs7GetAttachedContent(). No functionality and interface change is involved in this patch. Cc: Ting Ye Cc: Qin Long Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang --- .../Library/BaseCryptLib/BaseCryptLib.inf | 5 +- .../Library/BaseCryptLib/InternalCryptLib.h | 32 +++++ .../Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 131 ++++++++++++++++++ ...Pkcs7Verify.c =3D> CryptPkcs7VerifyCommon.c} | 112 +-------------- ...= /BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c | 45 ++++++ .../Library/BaseCryptLib/RuntimeCryptLib.inf | 6 +- .../Library/BaseCryptLib/SmmCryptLib.inf | 5 +- 8 files changed, 220 insertions(+), 119 deletions(-) create mode 100644 C= ryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c rename CryptoPkg/Library/BaseCryptLib/Pk/{CryptPkcs7Verify.c =3D> CryptPkc= s7VerifyCommon.c} (85%) create mode 100644 CryptoPkg/Library/BaseCryptLib/= Pk/CryptPkcs7VerifyRuntime.c diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Li= brary/BaseCryptLib/BaseCryptLib.inf index f29445ce34..c5558eedb7 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issue= s such as # buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2019, Intel Corporation. All rights=20 +reserved.
# This program and the accompanying materials # are licensed and made a= vailable under the terms and conditions of the BSD License # which accomp= anies this distribution. The full text of the license may be found at @@ -= 49,7 +49,8 @@ Pk/CryptRsaExt.c Pk/CryptPkcs5Pbkdf2.c Pk/CryptPkcs7Sign.c - Pk/CryptPkcs7Verify.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyBase.c Pk/CryptDh.c Pk/CryptX509.c Pk/CryptAuthenticode.c diff --git a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h b/CryptoPkg/= Library/BaseCryptLib/InternalCryptLib.h index 8cccf72567..026793f664 100644 --- a/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h +++ b/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h @@ -33,4 +33,36 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. #define OBJ_length(o) ((o)->length) #endif =20 +/** + Check input P7Data is a wrapped ContentInfo structure or not. If not=20 +construct + a new structure to wrap P7Data. + + Caution: This function may receive untrusted input. + UEFI Authenticated Variable is external input, so this function will=20 + do basic check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 message to verify. + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, othe= rwise + return FALSE. + @param[out] WrapData If return status of this function is TRUE: + 1) when WrapFlag is TRUE, pointer to P7Data. + 2) when WrapFlag is FALSE, pointer to a new Con= tentInfo + structure. It's caller's responsibility to free= this + buffer. + @param[out] WrapDataSize Length of ContentInfo structure in bytes. + + @retval TRUE The operation is finished successfully. + @retval FALSE The operation is failed due to lack of resource= s. + +**/ +BOOLEAN +WrapPkcs7Data ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT BOOLEAN *WrapFlag, + OUT UINT8 **WrapData, + OUT UINTN *WrapDataSize + ); + #endif diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/PeiCryptLib.inf index e7b4b2f618..386810e442 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -56,7 +56,8 @@ Pk/CryptRsaExtNull.c Pk/CryptPkcs5Pbkdf2Null.c Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7Verify.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyBase.c =20 Pk/CryptDhNull.c Pk/CryptX509Null.c diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/Cry= ptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c new file mode 100644 index 0000000000..a5442bd4b4 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c @@ -0,0 +1,131 @@ +/** @file + Non-runtime specific implementation of PKCS#7 SignedData Verification Wr= apper. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License which accompanies=20 +this distribution. The full text of the license may be found at=20 +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include "InternalCryptLib.h" + +#include +#include +#include +#include + +/** + Extracts the attached content from a PKCS#7 signed data if existed.=20 +The input signed + data could be wrapped in a ContentInfo structure. + + If P7Data, Content, or ContentSize is NULL, then return FALSE. If=20 + P7Length overflow, then return FALSE. If the P7Data is not correctly for= matted, then return FALSE. + + Caution: This function may receive untrusted input. So this function wil= l do + basic check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 signed data to process. + @param[in] P7Length Length of the PKCS#7 signed data in bytes. + @param[out] Content Pointer to the extracted content from the PKCS= #7 signedData. + It's caller's responsibility to free the buffe= r with FreePool(). + @param[out] ContentSize The size of the extracted content in bytes. + + @retval TRUE The P7Data was correctly formatted for process= ing. + @retval FALSE The P7Data was not correctly formatted for pro= cessing. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetAttachedContent ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT VOID **Content, + OUT UINTN *ContentSize + ) +{ + BOOLEAN Status; + PKCS7 *Pkcs7; + UINT8 *SignedData; + UINTN SignedDataSize; + BOOLEAN Wrapped; + CONST UINT8 *Temp; + ASN1_OCTET_STRING *OctStr; + + // + // Check input parameter. + // + if ((P7Data =3D=3D NULL) || (P7Length > INT_MAX) || (Content =3D=3D NULL= ) || (ContentSize =3D=3D NULL)) { + return FALSE; + } + + *Content =3D NULL; + Pkcs7 =3D NULL; + SignedData =3D NULL; + OctStr =3D NULL; + + Status =3D WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData,=20 + &SignedDataSize); if (!Status || (SignedDataSize > INT_MAX)) { + goto _Exit; + } + + Status =3D FALSE; + + // + // Decoding PKCS#7 SignedData + // + Temp =3D SignedData; + Pkcs7 =3D d2i_PKCS7 (NULL, (const unsigned char **)&Temp,=20 + (int)SignedDataSize); if (Pkcs7 =3D=3D NULL) { + goto _Exit; + } + + // + // The type of Pkcs7 must be signedData // if=20 + (!PKCS7_type_is_signed (Pkcs7)) { + goto _Exit; + } + + // + // Check for detached or attached content // if (PKCS7_get_detached=20 + (Pkcs7)) { + // + // No Content supplied for PKCS7 detached signedData + // + *Content =3D NULL; + *ContentSize =3D 0; + } else { + // + // Retrieve the attached content in PKCS7 signedData + // + OctStr =3D Pkcs7->d.sign->contents->d.data; + if ((OctStr->length > 0) && (OctStr->data !=3D NULL)) { + *ContentSize =3D OctStr->length; + *Content =3D AllocatePool (*ContentSize); + if (*Content =3D=3D NULL) { + *ContentSize =3D 0; + goto _Exit; + } + CopyMem (*Content, OctStr->data, *ContentSize); + } + } + Status =3D TRUE; + +_Exit: + // + // Release Resources + // + PKCS7_free (Pkcs7); + + if (!Wrapped) { + OPENSSL_free (SignedData); + } + + return Status; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoP= kg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c similarity index 85% rename from CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c rename to CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c index fe8e5950f9..66ebbb693c 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c @@ -10,7 +10,7 @@ WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenti= cated Variable and will do basic check for data structure. =20 -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -914,113 += 914,3 @@ _Exit: return Status; } =20 -/** - Extracts the attached content from a PKCS#7 signed data if existed. The = input signed - data could be wrapped in a ContentInfo structure. - - If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Leng= th overflow, - then return FALSE. If the P7Data is not correctly formatted, then return= FALSE. - - Caution: This function may receive untrusted input. So this function wil= l do - basic check for PKCS#7 data structure. - - @param[in] P7Data Pointer to the PKCS#7 signed data to process. - @param[in] P7Length Length of the PKCS#7 signed data in bytes. - @param[out] Content Pointer to the extracted content from the PKCS= #7 signedData. - It's caller's responsibility to free the buffe= r with FreePool(). - @param[out] ContentSize The size of the extracted content in bytes. - - @retval TRUE The P7Data was correctly formatted for process= ing. - @retval FALSE The P7Data was not correctly formatted for pro= cessing. - -**/ -BOOLEAN -EFIAPI -Pkcs7GetAttachedContent ( - IN CONST UINT8 *P7Data, - IN UINTN P7Length, - OUT VOID **Content, - OUT UINTN *ContentSize - ) -{ - BOOLEAN Status; - PKCS7 *Pkcs7; - UINT8 *SignedData; - UINTN SignedDataSize; - BOOLEAN Wrapped; - CONST UINT8 *Temp; - ASN1_OCTET_STRING *OctStr; - - // - // Check input parameter. - // - if ((P7Data =3D=3D NULL) || (P7Length > INT_MAX) || (Content =3D=3D NULL= ) || (ContentSize =3D=3D NULL)) { - return FALSE; - } - - *Content =3D NULL; - Pkcs7 =3D NULL; - SignedData =3D NULL; - OctStr =3D NULL; - - Status =3D WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &Sign= edDataSize); - if (!Status || (SignedDataSize > INT_MAX)) { - goto _Exit; - } - - Status =3D FALSE; - - // - // Decoding PKCS#7 SignedData - // - Temp =3D SignedData; - Pkcs7 =3D d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDat= aSize); - if (Pkcs7 =3D=3D NULL) { - goto _Exit; - } - - // - // The type of Pkcs7 must be signedData - // - if (!PKCS7_type_is_signed (Pkcs7)) { - goto _Exit; - } - - // - // Check for detached or attached content - // - if (PKCS7_get_detached (Pkcs7)) { - // - // No Content supplied for PKCS7 detached signedData - // - *Content =3D NULL; - *ContentSize =3D 0; - } else { - // - // Retrieve the attached content in PKCS7 signedData - // - OctStr =3D Pkcs7->d.sign->contents->d.data; - if ((OctStr->length > 0) && (OctStr->data !=3D NULL)) { - *ContentSize =3D OctStr->length; - *Content =3D AllocatePool (*ContentSize); - if (*Content =3D=3D NULL) { - *ContentSize =3D 0; - goto _Exit; - } - CopyMem (*Content, OctStr->data, *ContentSize); - } - } - Status =3D TRUE; - -_Exit: - // - // Release Resources - // - PKCS7_free (Pkcs7); - - if (!Wrapped) { - OPENSSL_free (SignedData); - } - - return Status; -} diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c b/= CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c new file mode 100644 index 0000000000..bbbd4f5892 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyRuntime.c @@ -0,0 +1,45 @@ +/** @file + Runtime specific implementation of PKCS#7 SignedData Verification Wrappe= r. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License which accompanies=20 +this distribution. The full text of the license may be found at=20 +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + +#include "InternalCryptLib.h" + +/** + Extracts the attached content from a PKCS#7 signed data if existed.=20 +The input signed + data could be wrapped in a ContentInfo structure. + + Return FALSE to indicate this interface is not supported. + + @param[in] P7Data Pointer to the PKCS#7 signed data to process. + @param[in] P7Length Length of the PKCS#7 signed data in bytes. + @param[out] Content Pointer to the extracted content from the PKCS= #7 signedData. + It's caller's responsibility to free the buffe= r with FreePool(). + @param[out] ContentSize The size of the extracted content in bytes. + + @retval TRUE The P7Data was correctly formatted for process= ing. + @retval FALSE The P7Data was not correctly formatted for pro= cessing. + +**/ +BOOLEAN +EFIAPI +Pkcs7GetAttachedContent ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT VOID **Content, + OUT UINTN *ContentSize + ) +{ + ASSERT (FALSE); + return FALSE; +} + diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg= /Library/BaseCryptLib/RuntimeCryptLib.inf index 32628c8835..0a67918e4b 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -11,7 +11,7 @@ # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in = this instance. # -# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2019, Intel Corporation. All rights=20 +reserved.
# This program and the accompanying materials # are licensed and made a= vailable under the terms and conditions of the BSD License # which accomp= anies this distribution. The full text of the license may be found at @@ -= 54,7 +54,8 @@ Pk/CryptRsaExtNull.c Pk/CryptPkcs5Pbkdf2Null.c Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7Verify.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyRuntime.c Pk/CryptDhNull.c Pk/CryptX509.c Pk/CryptAuthenticodeNull.c @@ -84,7 +85,6 @@ [LibraryClasses] BaseLib BaseMemoryLib - MemoryAllocationLib UefiBootServicesTableLib UefiRuntimeServicesTableLib DebugLib diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Lib= rary/BaseCryptLib/SmmCryptLib.inf index 4829669c1f..b97ebb5256 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -11,7 +11,7 @@ # functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, = and # authenticode signature verification functions are not supported in = this instance. # -# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2019, Intel Corporation. All rights=20 +reserved.
# This program and the accompanying materials # are licensed and made a= vailable under the terms and conditions of the BSD License # which accomp= anies this distribution. The full text of the license may be found at @@ -= 54,7 +54,8 @@ Pk/CryptRsaExtNull.c Pk/CryptPkcs5Pbkdf2.c Pk/CryptPkcs7SignNull.c - Pk/CryptPkcs7Verify.c + Pk/CryptPkcs7VerifyCommon.c + Pk/CryptPkcs7VerifyBase.c Pk/CryptDhNull.c Pk/CryptX509.c Pk/CryptAuthenticodeNull.c -- 2.19.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel