diff options
| author | Guomin Jiang <guomin.jiang@intel.com> | 2020-03-30 15:17:49 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-05-06 03:37:39 +0000 |
| commit | 469eb461695b8ff7c19e4b82916240f8d56974f1 (patch) | |
| tree | 96d1605d706ae25ac5c8115f1e3ee4030fb03a8b /CryptoPkg | |
| parent | 55d6e39f72ba2003ef59aac91af34e96a09060db (diff) | |
| download | edk2-469eb461695b8ff7c19e4b82916240f8d56974f1.tar.gz edk2-469eb461695b8ff7c19e4b82916240f8d56974f1.tar.bz2 edk2-469eb461695b8ff7c19e4b82916240f8d56974f1.zip | |
CryptoPkg/Pkcs7: Extend support for other OID types
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2539
Microsoft signtool supports creation of attached P7's with any OID payload
via the "/p7co" parameter. It is necessary to check the data before get
the string.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'CryptoPkg')
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c | 67 |
1 files changed, 66 insertions, 1 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c index 313f459b11..112c13c226 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c @@ -14,6 +14,67 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <openssl/pkcs7.h>
/**
+ Check the contents of PKCS7 is not data.
+
+ It is copied from PKCS7_type_is_other() in pk7_doit.c.
+
+ @param[in] P7 Pointer to the location at which the PKCS7 is located.
+
+ @retval TRUE If the type is others.
+ @retval FALSE If the type is expected.
+**/
+STATIC
+BOOLEAN
+Pkcs7TypeIsOther (
+ IN PKCS7 *P7
+ )
+{
+ BOOLEAN Others;
+ INTN Nid = OBJ_obj2nid (P7->type);
+
+ switch (Nid) {
+ case NID_pkcs7_data:
+ case NID_pkcs7_signed:
+ case NID_pkcs7_enveloped:
+ case NID_pkcs7_signedAndEnveloped:
+ case NID_pkcs7_encrypted:
+ Others = FALSE;
+ break;
+ default:
+ Others = TRUE;
+ }
+
+ return Others;
+}
+
+/**
+ Get the ASN.1 string for the PKCS7.
+
+ It is copied from PKCS7_get_octet_string() in pk7_doit.c.
+
+ @param[in] P7 Pointer to the location at which the PKCS7 is located.
+
+ @return ASN1_OCTET_STRING ASN.1 string.
+**/
+STATIC
+ASN1_OCTET_STRING*
+Pkcs7GetOctetString (
+ IN PKCS7 *P7
+ )
+{
+ if (PKCS7_type_is_data (P7)) {
+ return P7->d.data;
+ }
+
+ if (Pkcs7TypeIsOther(P7) && (P7->d.other != NULL) &&
+ (P7->d.other->type == V_ASN1_OCTET_STRING)) {
+ return P7->d.other->value.octet_string;
+ }
+
+ return NULL;
+}
+
+/**
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
data could be wrapped in a ContentInfo structure.
@@ -98,7 +159,11 @@ Pkcs7GetAttachedContent ( //
// Retrieve the attached content in PKCS7 signedData
//
- OctStr = Pkcs7->d.sign->contents->d.data;
+ OctStr = Pkcs7GetOctetString (Pkcs7->d.sign->contents);
+ if (OctStr == NULL) {
+ goto _Exit;
+ }
+
if ((OctStr->length > 0) && (OctStr->data != NULL)) {
*ContentSize = OctStr->length;
*Content = AllocatePool (*ContentSize);
|