X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.c;h=959a9b062db3714fa13b244452a93a43cf3b821a;hp=443926b5079c2a0d3c296eaeae02de523e36d285;hb=35a26499af72f2b0131c5d09141f3da00faf6005;hpb=213cc1000e6af3c90aefdef2f0f9d5aa99f758d1
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 443926b507..959a9b062d 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -841,7 +841,7 @@ IsCertHashFoundInDatabase (
 )
 {
 BOOLEAN IsFound;
- EFI_STATUS Status;
+ BOOLEAN Status;
 EFI_SIGNATURE_LIST *DbxList;
 UINTN DbxSize;
 EFI_SIGNATURE_DATA *CertHash;
@@ -852,6 +852,8 @@ IsCertHashFoundInDatabase (
 UINT8 CertDigest[MAX_DIGEST_SIZE];
 UINT8 *DbxCertHash;
 UINTN SiglistHeaderSize;
+ UINT8 *TBSCert;
+ UINTN TBSCertSize;
 IsFound = FALSE;
 DbxList = SignatureList;
@@ -859,8 +861,16 @@ IsCertHashFoundInDatabase (
 HashCtx = NULL;
 HashAlg = HASHALG_MAX;
- ASSERT (RevocationTime != NULL);
- ASSERT (DbxList != NULL);
+ if ((RevocationTime == NULL) || (DbxList == NULL)) {
+ return FALSE;
+ }
+
+ //
+ // Retrieve the TBSCertificate from the X.509 Certificate.
+ //
+ if (!X509GetTBSCert (Certificate, CertSize, &TBSCert, &TBSCertSize)) {
+ return FALSE;
+ }
 while ((DbxSize > 0) && (SignatureListSize >= DbxList->SignatureListSize)) {
 //
@@ -879,7 +889,7 @@ IsCertHashFoundInDatabase (
 }
 //
- // Calculate the hash value of current db certificate for comparision.
+ // Calculate the hash value of current TBSCertificate for comparision.
 //
 if (mHash[HashAlg].GetContextSize == NULL) {
 goto Done;
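Review bot: In the `@@ -859,8 +861,16 @@` hunk both new early exits return `FALSE`, which in a function named `IsCertHashFoundInDatabase` presumably means "hash not present in dbx", so a NULL argument or a certificate that `X509GetTBSCert` cannot parse is reported exactly like a certificate that is not revoked. A revocation lookup should fail closed: with a bare `BOOLEAN` return the caller cannot tell "not revoked" from "lookup could not be performed", so the cleaner fix is to return a status and pass `IsFound` back through an out parameter, letting the caller deny the image on error. Until then, a comment on the `X509GetTBSCert` failure path such as `// FALSE here means the lookup could not be performed, not that the certificate is clear of dbx.` would at least document the gap. Whether callers already reject unparseable certificates elsewhere cannot be seen from this hunk, and the function body starts and ends outside it.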
@@ -893,7 +903,7 @@ IsCertHashFoundInDatabase (
 if (!Status) {
 goto Done;
 }
- Status = mHash[HashAlg].HashUpdate (HashCtx, Certificate, CertSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
 if (!Status) {
 goto Done;
 }
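Review bot: Nothing next to the `HashUpdate (HashCtx, TBSCert, TBSCertSize)` call records that the digest input has changed from the whole certificate to its TBSCertificate, yet this changes which dbx entries can match: an entry computed over the full DER certificate would no longer be found. A comment above the call, for example `// dbx certificate-hash entries are digests of the TBSCertificate, not of the whole DER-encoded certificate.`, would make that explicit, and the function's header comment (outside this hunk) should say the same if it still describes hashing the certificate. `TBSCert` is never freed in the visible lines, which is correct only if `X509GetTBSCert` returns a pointer into `Certificate` rather than a new allocation; a short remark on ownership would spare the next reader from checking.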