summaryrefslogtreecommitdiff
path: root/Cryptlib/Pk/CryptAuthenticode.c
AgeCommit message (Collapse)Author
2022-11-15CryptoPkg/BaseCryptLib: fix NULL dereferenceJian J Wang
AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode pkcs#7 data. when this successfully returns, a type check is done by calling PKCS7_type_is_signed() and then Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1 blob that successfully decodes and have d2i_PKCS7() return a valid pointer and have PKCS7_type_is_signed() also return success but have Pkcs7->d.sign be a NULL pointer. Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for pkcs7 structs it does the following: - call PKCS7_type_is_signed() - call PKCS7_get_detached() Looking into how PKCS7_get_detatched() is implemented, it checks to see if p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL. As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7(). - Add call to PKS7_get_detached() to existing error handling Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Cherry-picked-from: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
2017-03-24Update CryptlibGary Lin
Update to edk2 commit 6e4489d8129d233ef0fe85eeb6eebfecafe9ea6e (CryptoPkg: Refine type cast for pointer subtraction) Also replaced CryptAes.c, CryptArc4.c, CryptTdes.c, CryptMd4.c, CryptHmacMd5.c, and CryptHmacSha1.c with the Null version since we don't really need those functions. Signed-off-by: Gary Lin <glin@suse.com>
2016-09-06Update to openssl to 1.0.2eGary Lin
Also update Cryptlib to edk2 r19218 - Undefine NO_BUILTIN_VA_FUNCS in Cryptlib/OpenSSL/ for x86_64 to use the gcc builtins and remove all EFIAPI from the functions - Move the most of defines into the headers instead of Makefile - Remove the global variable 'timeval' - Remove the unused code: crypto/pqueue/* and crypto/ts/* - Include bn.h in MokManager.c due to the changes in openssl Signed-off-by: Gary Lin <glin@suse.com>
2015-07-28Update openssl to 1.0.2dGary Ching-Pang Lin
Also update Cryptlib to edk2 r17731 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
2015-05-12Update Cryptlib and opensslGary Ching-Pang Lin
Update Cryptlib to r16559 and openssl to 0.9.8zf Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
2014-08-19Update openssl to 0.9.8zbGary Ching-Pang Lin
Also update to Tiano Cryptlib r15802 and remove the execute mode bits from the C and header files of openssl
2013-10-04Update to current Tiano CryptlibMatthew Garrett
2012-07-09Cryptlib updateMatthew Garrett
2012-06-18Add crypto librariesMatthew Garrett
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-05 05:32:17 +0000