X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FBaseCryptLib%2FPk%2FCryptPkcs7Verify.c;h=b8cfa4286dd509fc644ea6b22b0b89fe9f02838f;hp=a1bab8a0ce56ed3f908ce1da767121e094d5c6c9;hb=afeb55e4a67ed42eb1f822d06776166dfd7c4140;hpb=bfc2fc9e90ae15bec3e4f84e31bf1c1fe34a915e diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c index a1bab8a0ce..b8cfa4286d 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c @@ -680,4 +680,111 @@ _Exit: } return Status; -} \ No newline at end of file +} + +/** + Extracts the attached content from a PKCS#7 signed data if existed. The input signed + data could be wrapped in a ContentInfo structure. + + If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow, + then return FAlSE. If the P7Data is not correctly formatted, then return FALSE. + + Caution: This function may receive untrusted input. So this function will do + basic check for PKCS#7 data structure. + + @param[in] P7Data Pointer to the PKCS#7 signed data to process. + @param[in] P7Length Length of the PKCS#7 signed data in bytes. + @param[out] Content Pointer to the extracted content from the PKCS#7 signedData. + It's caller's responsiblity to free the buffer. + @param[out] ContentSize The size of the extracted content in bytes. + + @retval TRUE The P7Data was correctly formatted for processing. + @retval FALSE The P7Data was not correctly formatted for processing. + +*/ +BOOLEAN +EFIAPI +Pkcs7GetAttachedContent ( + IN CONST UINT8 *P7Data, + IN UINTN P7Length, + OUT VOID **Content, + OUT UINTN *ContentSize + ) +{ + BOOLEAN Status; + PKCS7 *Pkcs7; + UINT8 *SignedData; + UINTN SignedDataSize; + BOOLEAN Wrapped; + CONST UINT8 *Temp; + ASN1_OCTET_STRING *OctStr; + + *Content = NULL; + Pkcs7 = NULL; + SignedData = NULL; + OctStr = NULL; + + // + // Check input parameter. + // + if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) { + return FALSE; + } + + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); + if (!Status || (SignedDataSize > INT_MAX)) { + goto _Exit; + } + + Status = FALSE; + + // + // Decoding PKCS#7 SignedData + // + Temp = SignedData; + Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize); + if (Pkcs7 == NULL) { + goto _Exit; + } + + // + // The type of Pkcs7 must be signedData + // + if (!PKCS7_type_is_signed (Pkcs7)) { + goto _Exit; + } + + // + // Check for detached or attached content + // + if (PKCS7_get_detached (Pkcs7)) { + // + // No Content supplied for PKCS7 detached signedData + // + *Content = NULL; + *ContentSize = 0; + } else { + // + // Retrieve the attached content in PKCS7 signedData + // + OctStr = Pkcs7->d.sign->contents->d.data; + if ((OctStr->length > 0) && (OctStr->data != NULL)) { + *ContentSize = OctStr->length; + *Content = malloc (*ContentSize); + CopyMem (*Content, OctStr->data, *ContentSize); + } + } + Status = TRUE; + +_Exit: + // + // Release Resources + // + PKCS7_free (Pkcs7); + + if (!Wrapped) { + OPENSSL_free (SignedData); + } + + return Status; +}