From: "Wang, Jian J"
To: "devel@edk2.groups.io", "Jiang, Guomin"
CC: "Lu, XiaoyuX"
Subject: Re: [edk2-devel] [PATCH v3] CryptoPkg/Pkcs7: Extend support for other OID types
Date: Fri, 10 Apr 2020 05:20:16 +0000
References: <20200410023117.1322-1-guomin.jiang@intel.com>
In-Reply-To: <20200410023117.1322-1-guomin.jiang@intel.com>

Hi Guomin,

The coding style is still not matching edk2 requirement completely. Could you check again every symbol not from openssl?

Regards,
Jian

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Guomin Jiang
> Sent: Friday, April 10, 2020 10:31 AM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Lu, XiaoyuX
> Subject: [edk2-devel] [PATCH v3] CryptoPkg/Pkcs7: Extend support for other OID types
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539
>
> Microsoft signtool supports creation of attached P7's with any OID payload
> via the "/p7co" parameter. It is necessary to check the data before get
> the string.
>
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Signed-off-by: Guomin Jiang
> ---
> .../BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 63 ++++++++++++++++++-
> 1 file changed, 62 insertions(+), 1 deletion(-)
>
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
> index 313f459b11..00840e7f83 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
> @@ -13,6 +13,63 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include >=20 > #include >=20 >=20 >=20 > +/** >=20 > + Check the contents of PKCS7 is not data. >=20 > + >=20 > + It is copied from PKCS7_type_is_other() in pk7_doit.c. >=20 > + >=20 > + @param p7 Pointer to the location which the PKCS7 is located at. >=20 > + >=20 > + @return int The content type. >=20 > +**/ >=20 > +static >=20 > +int >=20 > +Pkcs7TypeIsOther ( >=20 > + PKCS7 *p7 >=20 > + ) >=20 > +{ >=20 > + int isOthers =3D 1; >=20 > + int nid =3D OBJ_obj2nid(p7->type); >=20 > + >=20 > + switch (nid) { >=20 > + case NID_pkcs7_data: >=20 > + case NID_pkcs7_signed: >=20 > + case NID_pkcs7_enveloped: >=20 > + case NID_pkcs7_signedAndEnveloped: >=20 > + case NID_pkcs7_encrypted: >=20 > + isOthers =3D 0; >=20 > + break; >=20 > + default: >=20 > + isOthers =3D 1; >=20 > + } >=20 > + >=20 > + return isOthers; >=20 > +} >=20 > + >=20 > +/** >=20 > + Get the ASN.1 string for the PKCS7. >=20 > + >=20 > + It is copied from PKCS7_get_octet_string() in pk7_doit.c. >=20 > + @param p7 Pointer to the location which the PKCS7 is located at. >=20 > + >=20 > + @return ASN1_OCTET_STRING ASN.1 string. >=20 > +**/ >=20 > +static >=20 > +ASN1_OCTET_STRING* >=20 > +Pkcs7GetOctetString ( >=20 > + PKCS7 *p7 >=20 > + ) >=20 > +{ >=20 > + if (PKCS7_type_is_data(p7)) { >=20 > + return p7->d.data; >=20 > + } >=20 > + if (Pkcs7TypeIsOther(p7) && p7->d.other && >=20 > + (p7->d.other->type =3D=3D V_ASN1_OCTET_STRING)) { >=20 > + return p7->d.other->value.octet_string; >=20 > + } >=20 > + return NULL; >=20 > +} >=20 > + >=20 > /** >=20 > Extracts the attached content from a PKCS#7 signed data if existed. Th= e input > signed >=20 > data could be wrapped in a ContentInfo structure. >=20 
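
Review bot: Pkcs7GetOctetString() dereferences p7 with no NULL check (PKCS7_type_is_data(p7), then OBJ_obj2nid(p7->type) inside Pkcs7TypeIsOther()), while its caller in the second hunk passes Pkcs7->d.sign->contents straight from the parsed signedData; return NULL early when p7 is NULL so the caller's new OctStr == NULL path covers that case too. The header of Pkcs7TypeIsOther() says "@return int The content type", but the function returns only 1 or 0, and it returns 0 for signed, enveloped, signedAndEnveloped and encrypted as well as data, which the summary "is not data" does not describe; document it as a boolean and list the types it excludes. On the style point raised in the reply, the calls here are written without a space before the parenthesis (OBJ_obj2nid(p7->type), Pkcs7TypeIsOther(p7)) while the second hunk writes Pkcs7GetOctetString (Pkcs7->d.sign->contents), and p7->d.other is tested implicitly where the surrounding code compares against NULL explicitly (OctStr->data != NULL).
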
> @@ -98,7 +155,11 @@ Pkcs7GetAttachedContent ( > // >=20 > // Retrieve the attached content in PKCS7 signedData >=20 > // >=20 > - OctStr =3D Pkcs7->d.sign->contents->d.data; >=20 > + OctStr =3D Pkcs7GetOctetString (Pkcs7->d.sign->contents); >=20 > + if (OctStr =3D=3D NULL) { >=20 > + goto _Exit; >=20 > + } >=20 > + >=20 > if ((OctStr->length > 0) && (OctStr->data !=3D NULL)) { >=20 > *ContentSize =3D OctStr->length; >=20 > *Content =3D AllocatePool (*ContentSize); >=20 > -- > 2.25.1.windows.1 >=20 >=20 > -=3D-=3D-=3D-=3D-=3D-=3D > Groups.io Links: You receive all messages sent to this group. >=20 > View/Reply Online (#57175): https://edk2.groups.io/g/devel/message/57175 > Mute This Topic: https://groups.io/mt/72912787/1768734 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub [jian.j.wang@intel.com= ] > -=3D-=3D-=3D-=3D-=3D-=3D
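
Review bot: The new "goto _Exit" on OctStr == NULL relies on state these lines do not show: confirm that the function's return status still indicates failure at this point and that *Content and *ContentSize are left in a defined state, since an attached payload whose type is neither data nor an "other" OCTET STRING now leaves through this path instead of reaching AllocatePool. A short comment above the check saying which content types produce a NULL OctStr would make the intent clear, because the existing comment "Retrieve the attached content in PKCS7 signedData" no longer describes the whole block.
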