* [patch] SecurityPkg: Fix potential bug in Security Boot dxe.
@ 2017-02-21 2:53 Zhang Lubo
2017-02-22 8:31 ` Zhang, Chao B
0 siblings, 1 reply; 3+ messages in thread
From: Zhang Lubo @ 2017-02-21 2:53 UTC (permalink / raw)
To: edk2-devel; +Cc: Chao Zhang, Long Qin, Yao Jiewen
since we removed the sha-1 definition in Hash table
and related macro, but the macro definition HashAlg index
may be value 4 which is exceed the range of the Hash
table array.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
---
.../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index bea9470..58030c4 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
#define WIN_CERT_UEFI_RSA2048_SIZE 256
//
// Support hash types
//
-#define HASHALG_SHA224 0x00000001
-#define HASHALG_SHA256 0x00000002
-#define HASHALG_SHA384 0x00000003
-#define HASHALG_SHA512 0x00000004
-#define HASHALG_RAW 0x00000005
-#define HASHALG_MAX 0x00000005
+#define HASHALG_SHA224 0x00000000
+#define HASHALG_SHA256 0x00000001
+#define HASHALG_SHA384 0x00000002
+#define HASHALG_SHA512 0x00000003
+#define HASHALG_RAW 0x00000004
+#define HASHALG_MAX 0x00000004
typedef struct {
UINTN Signature;
LIST_ENTRY Head;
--
1.9.5.msysgit.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [patch] SecurityPkg: Fix potential bug in Security Boot dxe.
2017-02-21 2:53 [patch] SecurityPkg: Fix potential bug in Security Boot dxe Zhang Lubo
@ 2017-02-22 8:31 ` Zhang, Chao B
2017-02-22 8:39 ` Zhang, Lubo
0 siblings, 1 reply; 3+ messages in thread
From: Zhang, Chao B @ 2017-02-22 8:31 UTC (permalink / raw)
To: Zhang, Lubo, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Long, Qin
Lubo:
If you change HASH algo definition, please also update SecureBootConfig.vfr accordingly.
Or you may keep SHA1 algo definition & keep RAW & MAX unchanged
-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang Lubo
Sent: Tuesday, February 21, 2017 10:53 AM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>; Long, Qin <qin.long@intel.com>
Subject: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe.
since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
---
.../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index bea9470..58030c4 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
+++ nfigImpl.h
@@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
#define WIN_CERT_UEFI_RSA2048_SIZE 256
//
// Support hash types
//
-#define HASHALG_SHA224 0x00000001
-#define HASHALG_SHA256 0x00000002
-#define HASHALG_SHA384 0x00000003
-#define HASHALG_SHA512 0x00000004
-#define HASHALG_RAW 0x00000005
-#define HASHALG_MAX 0x00000005
+#define HASHALG_SHA224 0x00000000
+#define HASHALG_SHA256 0x00000001
+#define HASHALG_SHA384 0x00000002
+#define HASHALG_SHA512 0x00000003
+#define HASHALG_RAW 0x00000004
+#define HASHALG_MAX 0x00000004
typedef struct {
UINTN Signature;
LIST_ENTRY Head;
--
1.9.5.msysgit.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [patch] SecurityPkg: Fix potential bug in Security Boot dxe.
2017-02-22 8:31 ` Zhang, Chao B
@ 2017-02-22 8:39 ` Zhang, Lubo
0 siblings, 0 replies; 3+ messages in thread
From: Zhang, Lubo @ 2017-02-22 8:39 UTC (permalink / raw)
To: Zhang, Chao B, edk2-devel@lists.01.org; +Cc: Yao, Jiewen, Long, Qin
Thanks , I will update the HASH value definition in VFR to keep them consistent with macro definition .
> -----Original Message-----
> From: Zhang, Chao B
> Sent: Wednesday, February 22, 2017 4:31 PM
> To: Zhang, Lubo <lubo.zhang@intel.com>; edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Long, Qin <qin.long@intel.com>
> Subject: RE: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe.
>
> Lubo:
> If you change HASH algo definition, please also update SecureBootConfig.vfr
> accordingly.
> Or you may keep SHA1 algo definition & keep RAW & MAX unchanged
>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang
> Lubo
> Sent: Tuesday, February 21, 2017 10:53 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>; Long, Qin <qin.long@intel.com>
> Subject: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe.
>
> since we removed the sha-1 definition in Hash table and related macro, but the
> macro definition HashAlg index may be value 4 which is exceed the range of the
> Hash table array.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Long Qin <qin.long@intel.com>
> Cc: Yao Jiewen <jiewen.yao@intel.com>
> ---
> .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI
> mpl.h
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI
> mpl.h
> index bea9470..58030c4 100644
> ---
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI
> mpl.h
> +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
> +++ nfigImpl.h
> @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
> #define WIN_CERT_UEFI_RSA2048_SIZE 256
>
> //
> // Support hash types
> //
> -#define HASHALG_SHA224 0x00000001
> -#define HASHALG_SHA256 0x00000002
> -#define HASHALG_SHA384 0x00000003
> -#define HASHALG_SHA512 0x00000004
> -#define HASHALG_RAW 0x00000005
> -#define HASHALG_MAX 0x00000005
> +#define HASHALG_SHA224 0x00000000
> +#define HASHALG_SHA256 0x00000001
> +#define HASHALG_SHA384 0x00000002
> +#define HASHALG_SHA512 0x00000003
> +#define HASHALG_RAW 0x00000004
> +#define HASHALG_MAX 0x00000004
>
>
> typedef struct {
> UINTN Signature;
> LIST_ENTRY Head;
> --
> 1.9.5.msysgit.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-02-22 8:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-21 2:53 [patch] SecurityPkg: Fix potential bug in Security Boot dxe Zhang Lubo
2017-02-22 8:31 ` Zhang, Chao B
2017-02-22 8:39 ` Zhang, Lubo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox