X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FVariableAuthenticated%2FRuntimeDxe%2FAuthService.c;h=96b1f403c363f0005431a1a7f9404986022c783c;hp=25089ef0f6415ef6df5dfeb080be31d95f89e71e;hb=4ccef56102cc104ad0bc881f5312f84fb4e569ef;hpb=9a12e5825aa338f9a81fca3d451bb032fadaad33
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 25089ef0f6..96b1f403c3 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -32,9 +32,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 ///
 /// Global database array for scratch
 ///
-UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
+UINT8 *mPubKeyStore;
 UINT32 mPubKeyNumber;
-UINT8 mCertDbStore[MAX_CERTDB_SIZE];
+UINT32 mMaxKeyNumber;
+UINT32 mMaxKeyDbSize;
+UINT8 *mCertDbStore;
+UINT32 mMaxCertDbSize;
 UINT32 mPlatformMode;
 UINT8 mVendorKeyState;
@@ -183,6 +186,25 @@ AutenticatedVariableServiceInitialize (
 return EFI_OUT_OF_RESOURCES;
 }
+ //
+ // Reserve runtime buffer for public key database. The size excludes variable header and name size.
+ //
+ mMaxKeyDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME);
+ mMaxKeyNumber = mMaxKeyDbSize / EFI_CERT_TYPE_RSA2048_SIZE;
+ mPubKeyStore = AllocateRuntimePool (mMaxKeyDbSize);
+ if (mPubKeyStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Reserve runtime buffer for certificate database. The size excludes variable header and name size.
+ //
+ mMaxCertDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME);
+ mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
+ if (mCertDbStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
 //
 // Prepare runtime buffer for serialized data of time-based authenticated
 // Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).
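Review bot: `mPubKeyStore` and `mCertDbStore` change from image-resident arrays to pointers into runtime pool, so they hold physical addresses that go stale after SetVirtualAddressMap unless the driver's virtual-address-change handler converts them. No such conversion is visible in this file's diff; if it is not added elsewhere in the commit, it would look like `EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);` plus the same call for `mCertDbStore`. The comment above the globals still says "Global database array for scratch", and the new `mMax*` globals would benefit from a one-line comment each stating whether the value is a byte size or a key count.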
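Review bot: Both size computations subtract from `PcdGet32 (PcdMaxVariableSize)` in unsigned arithmetic with no lower-bound check, so a platform that sets the PCD smaller than the header plus name size gets a wrapped, near-4 GiB limit that the later `> mMaxCertDbSize` and `== mMaxKeyNumber` tests then trust. A guard before each subtraction fails closed instead, e.g. `if (PcdGet32 (PcdMaxVariableSize) <= sizeof (VARIABLE_HEADER) + sizeof (AUTHVAR_KEYDB_NAME)) { return EFI_UNSUPPORTED; }` and the equivalent with `EFI_CERT_DB_NAME`. Separately, the `mCertDbStore == NULL` path returns without releasing `mPubKeyStore`; whether that matters depends on how the caller handles a failed initialization, which is outside the hunk.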
@@ -450,6 +472,7 @@ AutenticatedVariableServiceInitialize (
 Add public key in store and return its index.
 @param[in] PubKey Input pointer to Public Key data
+ @param[in] VariableDataEntry The variable data entry
 @return Index of new added item
@@ -502,7 +525,7 @@ AddPubKeyInStore (
 //
 // Add public key in database.
 //
- if (mPubKeyNumber == MAX_KEY_NUM) {
+ if (mPubKeyNumber == mMaxKeyNumber) {
 //
 // Public key dadatase is full, try to reclaim invalid key.
 //
@@ -544,7 +567,7 @@ AddPubKeyInStore (
 CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
 mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
- if (mPubKeyNumber == MAX_KEY_NUM) {
+ if (mPubKeyNumber == mMaxKeyNumber) {
 return 0;
 }
 }
@@ -1995,7 +2018,7 @@ InsertCertsToDb (
 NameSize = (UINT32) StrLen (VariableName);
 CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
 NewCertDbSize = (UINT32) DataSize + CertNodeSize;
- if (NewCertDbSize > MAX_CERTDB_SIZE) {
+ if (NewCertDbSize > mMaxCertDbSize) {
 return EFI_OUT_OF_RESOURCES;
 }
 NewCertDb = (UINT8*) mCertDbStore;
@@ -2121,6 +2144,7 @@ VerifyTimeBasedPayload (
 WrapSigData = NULL;
 SignerCerts = NULL;
 RootCert = NULL;
+ CertsInCertDb = NULL;
 //
 // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
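Review bot: The fullness test `mPubKeyNumber == mMaxKeyNumber` in AddPubKeyInStore fires only on exact equality, which was tolerable against a compile-time constant but is fragile now that the limit is derived at boot from a PCD. If `mPubKeyNumber` is ever loaded from a stored key database written under a larger limit, the count starts above `mMaxKeyNumber` and the test never triggers; `if (mPubKeyNumber >= mMaxKeyNumber) {` covers that case. The same comparison recurs in the hunk at new line 567. Where `mPubKeyNumber` is initialised is outside these hunks, so this is a hardening suggestion rather than a confirmed overrun.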
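Review bot: In the hunk at new line 567, `CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize)` now writes into a pool buffer of `mMaxKeyDbSize` bytes, and nothing visible in the hunk bounds `DataSize` by that size. `DataSize` is set outside the hunk and may already be limited, but with a heap destination an explicit check just before the copy keeps the invariant local: `if (DataSize > mMaxKeyDbSize) { return 0; }`. Returning 0 matches what the function already returns a few lines later when the store is still full.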
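Review bot: In InsertCertsToDb the new bound `NewCertDbSize > mMaxCertDbSize` is evaluated after `CertDataSize` and `DataSize` have been narrowed to `UINT32` and summed, so a wrapped sum can pass the test and the write into `mCertDbStore` would then exceed the pool allocation. Comparing against the remaining space avoids the wrap, e.g. `if (DataSize > mMaxCertDbSize || CertNodeSize > mMaxCertDbSize - (UINT32) DataSize) {`, with `CertDataSize` and `NameSize` range-checked before `CertNodeSize` is computed. Whether callers already bound these inputs is outside the hunk, so treat this as a check to confirm rather than a demonstrated overflow.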