diff options
| author | chenc2 <chen.a.chen@intel.com> | 2017-11-07 09:01:26 +0800 |
|---|---|---|
| committer | Zhang, Chao B <chao.b.zhang@intel.com> | 2017-11-07 22:06:54 +0800 |
| commit | 62ba0febf517138a01c7a5f6d221ce6a2e4c28b6 (patch) | |
| tree | 584af2622a6a2039e834e856cd161fb127cf59ab /SecurityPkg | |
| parent | 3702637a528707704fb37defea042f7b10709ec4 (diff) | |
| download | edk2-62ba0febf517138a01c7a5f6d221ce6a2e4c28b6.tar.gz edk2-62ba0febf517138a01c7a5f6d221ce6a2e4c28b6.tar.bz2 edk2-62ba0febf517138a01c7a5f6d221ce6a2e4c28b6.zip | |
SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate
The function Pkcs7GetSigners return certificate stack as binary buffer.
Use EFI_CERT_DATA to parsing certificate stack more clearly, and access
certificate by the field of EFI_CERT_DATA structure.
Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
Diffstat (limited to 'SecurityPkg')
| -rw-r--r-- | SecurityPkg/Library/AuthVariableLib/AuthService.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 6cbeb98535..213a524f27 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -1828,6 +1828,7 @@ VerifyTimeBasedPayload ( UINT8 *CertsInCertDb;
UINT32 CertsSizeinDb;
UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
+ EFI_CERT_DATA *CertDataPtr;
//
// 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain
@@ -1841,6 +1842,7 @@ VerifyTimeBasedPayload ( SignerCerts = NULL;
TopLevelCert = NULL;
CertsInCertDb = NULL;
+ CertDataPtr = NULL;
//
// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
@@ -2098,9 +2100,10 @@ VerifyTimeBasedPayload ( //
// Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
//
+ CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
Status = CalculatePrivAuthVarSignChainSHA256Digest(
- SignerCerts + sizeof(UINT8) + sizeof(UINT32),
- ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
+ CertDataPtr->CertDataBuffer,
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
TopLevelCert,
TopLevelCertSize,
Sha256Digest
@@ -2135,12 +2138,13 @@ VerifyTimeBasedPayload ( //
// When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer
//
+ CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
Status = InsertCertsToDb (
VariableName,
VendorGuid,
Attributes,
- SignerCerts + sizeof(UINT8) + sizeof(UINT32),
- ReadUnaligned32 ((UINT32 *)(SignerCerts + sizeof(UINT8))),
+ CertDataPtr->CertDataBuffer,
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
TopLevelCert,
TopLevelCertSize
);
|