UINT32 Index;\r
EFI_SIGNATURE_LIST *CertList;\r
EFI_SIGNATURE_DATA *Cert;\r
+ UINTN CertArraySizeInBytes;\r
UINTN CertCount;\r
UINT32 ItemDataSize;\r
\r
\r
ASSERT (CACert != NULL);\r
\r
+ //\r
+ // Sanity check\r
+ //\r
+ Status = EFI_INVALID_PARAMETER;\r
+ CertCount = 0;\r
+ ItemDataSize = (UINT32) CACertSize;\r
+ while (ItemDataSize > 0) {\r
+ if (ItemDataSize < sizeof (EFI_SIGNATURE_LIST)) {\r
+ DEBUG ((DEBUG_ERROR, "%a: truncated EFI_SIGNATURE_LIST header\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ CertList = (EFI_SIGNATURE_LIST *) (CACert + (CACertSize - ItemDataSize));\r
+\r
+ if (CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST)) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: SignatureListSize too small for EFI_SIGNATURE_LIST\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (CertList->SignatureListSize > ItemDataSize) {\r
+ DEBUG ((DEBUG_ERROR, "%a: truncated EFI_SIGNATURE_LIST body\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (!CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r
+ DEBUG ((DEBUG_ERROR, "%a: only X509 certificates are supported\n",\r
+ __FUNCTION__));\r
+ Status = EFI_UNSUPPORTED;\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (CertList->SignatureHeaderSize != 0) {\r
+ DEBUG ((DEBUG_ERROR, "%a: SignatureHeaderSize must be 0 for X509\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ if (CertList->SignatureSize < sizeof (EFI_SIGNATURE_DATA)) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: SignatureSize too small for EFI_SIGNATURE_DATA\n", __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ CertArraySizeInBytes = (CertList->SignatureListSize -\r
+ sizeof (EFI_SIGNATURE_LIST));\r
+ if (CertArraySizeInBytes % CertList->SignatureSize != 0) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: EFI_SIGNATURE_DATA array not a multiple of SignatureSize\n",\r
+ __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
+ CertCount += CertArraySizeInBytes / CertList->SignatureSize;\r
+ ItemDataSize -= CertList->SignatureListSize;\r
+ }\r
+ if (CertCount == 0) {\r
+ DEBUG ((DEBUG_ERROR, "%a: no X509 certificates provided\n", __FUNCTION__));\r
+ goto FreeCACert;\r
+ }\r
+\r
//\r
// Enumerate all data and erasing the target item.\r
//\r