Guomin,

Please use edk2 coding style of symbol name and data type as much as you can in “our” code.

Regards,
Jian

From: guomin jiang
Sent: Thursday, March 26, 2020 3:47 PM
To: devel@edk2.groups.io
Cc: Wang, Jian J; Lu, XiaoyuX
Subject: Re:[edk2-devel] [PATCH] CryptoPkg: Check the type is data and Support other OID types.

Hi Jian and Xiaoyu, could you please help review this change.

-------- Original message --------
From: "GuoMinJ via Groups.Io"
Date: Wed, Feb 26, 2020, 10:24 AM
To: devel@edk2.groups.io
Cc: GuoMinJ
Subject: [edk2-devel] [PATCH] CryptoPkg: Check the type is data and Support other OID types.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539

Microsoft signtool supports creation of attached P7's with any OID payload via the "/p7co" parameter. It is necessary to check the data before getting the string.

Signed-off-by: GuoMinJ
---
.../BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 51 ++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c index 313f459b11..d437e52e1f 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c 
@@ -13,6 +13,53 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +/** + Check the contents of PKCS7 is not data. + + @param p7 Pointer to the location which the PKCS7 is located at. + + @return int The content type. +**/ +static int PKCS7_type_is_other(PKCS7 *p7) +{ + int isOther = 1; + + int nid = OBJ_obj2nid(p7->type); + + switch (nid) { + case NID_pkcs7_data: + case NID_pkcs7_signed: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_digest: + case NID_pkcs7_encrypted: + isOther = 0; + break; + default: + isOther = 1; + } + + return isOther; + +} + +/** + Get the ASN.1 string for the PKCS7. + + @param p7 Pointer to the location which the PKCS7 is located at. + + @return ASN1_OCTET_STRING ASN.1 string. +**/ +static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) +{ + if (PKCS7_type_is_data(p7)) + return p7->d.data; + if (PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; +} + /** Extracts the attached content from a PKCS#7 signed data if existed. The input signed data could be wrapped in a ContentInfo structure. @@ -98,7 +145,9 @@ Pkcs7GetAttachedContent ( // // Retrieve the attached content in PKCS7 signedData // - OctStr = Pkcs7->d.sign->contents->d.data; + OctStr = PKCS7_get_octet_string(Pkcs7->d.sign->contents); + DEBUG ((DEBUG_INFO, "OctStr->Type: %x\n", OctStr->type)); + DEBUG ((DEBUG_INFO, "OctStr->Length: %x\n", OctStr->length)); if ((OctStr->length > 0) && (OctStr->data != NULL)) { *ContentSize = OctStr->length; *Content = AllocatePool (*ContentSize); -- 2.17.1
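
Review bot: In the first hunk (@@ -13,6 +13,53 @@), the header comment of PKCS7_type_is_other does not match what the function does. It says "Check the contents of PKCS7 is not data" and "@return int The content type", but the function returns only 1 or 0, and it returns 0 for six NIDs (data, signed, enveloped, signedAndEnveloped, digest, encrypted), not for data alone. Please document it as reporting whether the type is none of those, and, in line with Jian's request, give both helpers edk2-style names and types (for example STATIC with a BOOLEAN return) instead of "static int" and OpenSSL-style lower_case names. The blank line before the closing brace of PKCS7_type_is_other can also be dropped.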
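
Review bot: In the Pkcs7GetAttachedContent hunk (@@ -98,7 +145,9 @@), the result of PKCS7_get_octet_string is dereferenced without a NULL check. The helper returns NULL whenever the content is neither data nor an "other" type holding a V_ASN1_OCTET_STRING, yet the two added DEBUG lines read OctStr->type and OctStr->length unconditionally, and the following "if ((OctStr->length > 0) && (OctStr->data != NULL))" does the same. Since the signed data here is parsed input, add an "if (OctStr == NULL)" check directly after the assignment that takes the function's failure path, and place the DEBUG prints after that check or drop them.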