Re: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

["Sountharya N via groups.io" <sountharyan=ami.com@groups.io>]

Hi Yi,

I Removed 'Reviewed-by: @yi1.li@intel.com' and Sent V2 patch to devel@edk2.groups.io.

Thanks,
Sountharya

-----Original Message-----
From: Li, Yi1 <yi1.li@intel.com>
Sent: Tuesday, April 2, 2024 6:42 AM
To: Sountharya N <sountharyan@ami.com>; devel@edk2.groups.io
Cc: Srinivasan Mani <srinivasanm@ami.com>; Prarthana Sagar V <prarthanasv@ami.com>; Yao, Jiewen <jiewen.yao@intel.com>; Hou, Wenxing <wenxing.hou@intel.com>
Subject: RE: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

Hi,

Please remove 'Reviewed-by: @yi1.li@intel.com' and send V2 patch to devel@edk2.groups.io by send-email.

Generate V2 patch:
Add '--subject-prefix="PATCH V2" ' when you format patch:
git format-patch --subject-prefix="PATCH V2" ...

The content of patch looks good to me, will give you my Reviewed-by and push it after receiving your V2 patch.

Thanks,
Yi

-----Original Message-----
From: Sountharya N <sountharyan@ami.com>
Sent: Monday, April 1, 2024 7:23 PM
To: Li, Yi1 <yi1.li@intel.com>; devel@edk2.groups.io
Cc: MANI, SRINIVASAN <Srinivasanm@ami.com>; Prarthana Sagar V <prarthanasv@ami.com>; Yao, Jiewen <jiewen.yao@intel.com>; Hou, Wenxing <wenxing.hou@intel.com>
Subject: RE: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

Hi Yi,

As you suggested, modified the changes and gave PR. Here I have attached the Link for reference.
https://github.com/tianocore/edk2/pull/5507

Thanks,
Sountharya

-----Original Message-----
From: Li, Yi1 <yi1.li@intel.com>
Sent: Thursday, March 28, 2024 7:17 AM
To: devel@edk2.groups.io; Sountharya N <sountharyan@ami.com>
Cc: Srinivasan Mani <srinivasanm@ami.com>; Prarthana Sagar V <prarthanasv@ami.com>; Yao, Jiewen <jiewen.yao@intel.com>; Hou, Wenxing <wenxing.hou@intel.com>
Subject: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.


**CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.**

Hi,

Please follow the correct upstream process to avoid Github CI errors.
https://github.com/tianocore/tianocore.github.io/wiki/Laszlo%27s-unkempt-git-guide-for-edk2-contributors-and-maintainers#contributor-workflow
You are missing your Sign-off and Cc maintainers in this patch, And please add BZ link to commit message: ''REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509''.

For your code change, '''ASN1_get_object() return error''' or  ''''''ASN1_get_object() success but Asn1Tag != V_ASN1_SEQUENCE ''' both need to be treated as errors and returned.
So you should use logic or instead of and.

Before you send V2 patch, please create a PR in EDK2 github to test CI: https://github.com/tianocore/edk2/pulls

Regards,
Yi

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sountharya N via groups.io
Sent: Tuesday, March 19, 2024 1:44 PM
To: devel@edk2.groups.io; Sountharya N <sountharyan@ami.com>
Cc: MANI, SRINIVASAN <Srinivasanm@ami.com>; Prarthana Sagar V <prarthanasv@ami.com>
Subject: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.

Added Inf variable, and the error case returned value was checked properly.
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
index 1182323b63..ac05441383 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
@@ -839,17 +839,17 @@ X509GetTBSCert (
   Length = 0;

   Inf    = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize);



-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {

     return FALSE;

   }



   *TBSCert = (UINT8 *)Temp;



-  ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);

+  Inf    = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length);

   //

   // Verify the parsed TBSCertificate is one correct SEQUENCE data.

   //

-  if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {

+  if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {

     return FALSE;

   }



--
2.35.1.windows.2
-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.





-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.
-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117586): https://edk2.groups.io/g/devel/message/117586
Mute This Topic: https://groups.io/mt/105019593/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-