git.proxmox.com Git - mirror_edk2.git/commit
SecurityPkg/AuthVariableLib: Check SHA-256 OID with ContentInfo present
author Jan Bobek <jbobek@nvidia.com>
Sun, 22 Jan 2023 21:53:48 +0000 (05:53 +0800)
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Mon, 23 Jan 2023 06:03:31 +0000 (06:03 +0000)
commit 37d3eb026a766b2405daae47e02094c2ec248646
tree 6de0eac64b9c4812a869152e53f6c76301e0dd3c
parent 7afef31b2b17d1a8d5248eb562352c6d3505ea14
SecurityPkg/AuthVariableLib: Check SHA-256 OID with ContentInfo present

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4305

Based on whether the DER-encoded ContentInfo structure is present in
authenticated SetVariable payload or not, the SHA-256 OID can be
located at different places.

UEFI specification explicitly states the driver shall support both
cases, but the old code assumed ContentInfo was not present and
incorrectly rejected authenticated variable updates when it was
present.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
SecurityPkg/Library/AuthVariableLib/AuthService.c
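
Added example (not code from this commit or from EDK2): one way to find the digest algorithm OID whether or not the ContentInfo wrapper is present is to walk the DER structure instead of assuming a fixed position. The function names, the return convention, the constructed sample bytes and the choice to inspect only the first digestAlgorithms entry are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* OID value bytes: SHA-256 (2.16.840.1.101.3.4.2.1), PKCS#7 signedData (1.2.840.113549.1.7.2) */
static const uint8_t kSha256[]     = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01};
static const uint8_t kSignedData[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02};
/* Constructed samples: a bare SignedData prefix, then the same bytes wrapped in ContentInfo */
static const uint8_t kBare[] = {0x30,0x14, 0x02,0x01,0x01, 0x31,0x0F, 0x30,0x0D,
    0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, 0x05,0x00};
static const uint8_t kWrapped[] = {0x30,0x23, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,
    0xA0,0x16, 0x30,0x14, 0x02,0x01,0x01, 0x31,0x0F, 0x30,0x0D,
    0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, 0x05,0x00};

/* Parse one TLV with the expected tag in [p, end): returns end of value (NULL if bad), *val = value start. */
static const uint8_t *tlv(const uint8_t *p, const uint8_t *end, uint8_t tag, const uint8_t **val) {
    if (end - p < 2 || p[0] != tag) return NULL;
    size_t len = p[1], cnt;
    p += 2;
    if (len & 0x80) {                    /* long form: low 7 bits count the length bytes */
        cnt = len & 0x7F; len = 0;
        if (cnt == 0 || cnt > 4 || (size_t)(end - p) < cnt) return NULL;
        while (cnt--) len = (len << 8) | *p++;
    }
    if ((size_t)(end - p) < len) return NULL;   /* value must fit in the enclosing element */
    *val = p;
    return p + len;
}

/* 1: first digestAlgorithm is SHA-256; 0: another algorithm; -1: malformed input. */
int digest_is_sha256(const uint8_t *sig, size_t size) {
    const uint8_t *p, *v, *end = tlv(sig, sig + size, 0x30, &p);   /* outer SEQUENCE */
    if (!end) return -1;
    if (p < end && *p == 0x06) {         /* ContentInfo present: contentType OID comes first */
        const uint8_t *e = tlv(p, end, 0x06, &v);
        if (!e || (size_t)(e - v) != sizeof kSignedData || memcmp(v, kSignedData, sizeof kSignedData))
            return -1;
        if (!(end = tlv(e, end, 0xA0, &p))) return -1;   /* [0] EXPLICIT content */
        if (!(end = tlv(p, end, 0x30, &p))) return -1;   /* inner SignedData SEQUENCE */
    }
    if (!(p = tlv(p, end, 0x02, &v))) return -1;         /* skip version INTEGER */
    if (!(end = tlv(p, end, 0x31, &p))) return -1;       /* digestAlgorithms SET */
    if (!(end = tlv(p, end, 0x30, &p))) return -1;       /* first AlgorithmIdentifier */
    if (!(end = tlv(p, end, 0x06, &v))) return -1;       /* its algorithm OID */
    return (size_t)(end - v) == sizeof kSha256 && memcmp(v, kSha256, sizeof kSha256) == 0;
}

int main(void) {   /* exit status 0 when both constructed layouts are accepted */
    return !(digest_is_sha256(kBare, sizeof kBare) == 1 && digest_is_sha256(kWrapped, sizeof kWrapped) == 1);
}
```

Every length is bounded by its enclosing element, so a truncated or inconsistent blob is rejected instead of being read past its end.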