X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.c;h=959a9b062db3714fa13b244452a93a43cf3b821a;hp=2475f35c85f544342d3b7610dc4abd07dcb3ef83;hb=12d95665cb0e088afe2cd395f0acc7fdb2604acc;hpb=270fc03f3e0c4d446926d490f1f9bb9ae0f2cf27
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 2475f35c85..959a9b062d 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -852,6 +852,8 @@ IsCertHashFoundInDatabase (
 UINT8 CertDigest[MAX_DIGEST_SIZE];
 UINT8 *DbxCertHash;
 UINTN SiglistHeaderSize;
+ UINT8 *TBSCert;
+ UINTN TBSCertSize;
 IsFound = FALSE;
 DbxList = SignatureList;
@@ -859,8 +861,16 @@ IsCertHashFoundInDatabase (
 HashCtx = NULL;
 HashAlg = HASHALG_MAX;
- ASSERT (RevocationTime != NULL);
- ASSERT (DbxList != NULL);
+ if ((RevocationTime == NULL) || (DbxList == NULL)) {
+ return FALSE;
+ }
+
+ //
+ // Retrieve the TBSCertificate from the X.509 Certificate.
+ //
+ if (!X509GetTBSCert (Certificate, CertSize, &TBSCert, &TBSCertSize)) {
+ return FALSE;
+ }
 while ((DbxSize > 0) && (SignatureListSize >= DbxList->SignatureListSize)) {
 //
@@ -879,7 +889,7 @@ IsCertHashFoundInDatabase (
 }
 //
- // Calculate the hash value of current db certificate for comparision.
+ // Calculate the hash value of current TBSCertificate for comparision.
 //
 if (mHash[HashAlg].GetContextSize == NULL) {
 goto Done;
@@ -893,7 +903,7 @@ IsCertHashFoundInDatabase (
 if (!Status) {
 goto Done;
 }
- Status = mHash[HashAlg].HashUpdate (HashCtx, Certificate, CertSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
 if (!Status) {
 goto Done;
 }
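Review bot: Both new early exits in the `@@ -859,8 +861,16 @@` hunk return FALSE, which for this function reads as "hash not found in the list", so a certificate whose TBSCertificate cannot be extracted is reported the same way as one that is simply not listed. Whether that fails open depends on the callers, which are outside this diff; if they rely on the later signature verification to reject an unparsable certificate, state that at the exit, e.g. `// Parse failure is reported as "not found"; the caller's chain verification must still reject this certificate.` A `DEBUG ((DEBUG_ERROR, "X509GetTBSCert failed, dbx hash check skipped\n"));` on that path would also make the case visible in boot logs. The function body starts and ends outside the hunk.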
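Review bot: The `HashUpdate` call in the `@@ -893,7 +903,7 @@` hunk now digests only the TBSCertificate, so any list entry that was generated by hashing the complete DER certificate will stop matching; for a revocation lookup that behaviour change should be documented at the call. I would add `// Digest covers the TBSCertificate only, as the EFI_CERT_X509_SHA256/384/512 entries carry a To-Be-Signed hash; hashes of the whole certificate do not match.` It is also worth a one-line comment at the `TBSCert` declaration on ownership: nothing in the diff frees it, so it presumably points into `Certificate` and must not be used after that buffer is released.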