Add SPC_INDIRECT_DATA_OBJID check to make sure contentType equals the
authortye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524>
Wed, 17 Oct 2012 02:13:54 +0000 (02:13 +0000)
committertye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524>
Wed, 17 Oct 2012 02:13:54 +0000 (02:13 +0000)
specific value defined in Authenticode PE specification.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by:Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13853 6f19259b-4bc3-4df7-8a09-765794883524

CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c

index a4f62b22b5675dd3589087d30849ce0ee527a82d..bb5f6d4b0d862dba66e64208d2597839bc56b3fe 100644 (file)
@@ -26,6 +26,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <openssl/x509.h>\r
 #include <openssl/pkcs7.h>\r
 \r
+//\r
+// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID\r
+//\r
+UINT8 mSpcIndirectOidValue[] = {\r
+  0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04\r
+  };\r
 \r
 /**\r
   Verifies the validility of a PE/COFF Authenticode Signature as described in "Windows\r
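Review bot: `mSpcIndirectOidValue` is added as a writable global with external linkage, although it is only the reference value for a signature-verification check. Declaring it read-only, `CONST UINT8 mSpcIndirectOidValue[] = {` (with `STATIC` as well if the package's coding rules permit it), keeps other code from modifying the table and avoids symbol collisions at link time. The comment above it could also say what the bytes encode: `// DER content octets (no tag/length) of OID 1.3.6.1.4.1.311.2.1.4 (SPC_INDIRECT_DATA_OBJID)`.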
@@ -70,6 +76,7 @@ AuthenticodeVerify (
   UINT8        *SpcIndirectDataContent;\r
   UINT8        Asn1Byte;\r
   UINTN        ContentSize;\r
+  UINT8        *SpcIndirectDataOid;\r
 \r
   //\r
   // Check input parameters.\r
@@ -106,6 +113,19 @@ AuthenticodeVerify (
   //       some authenticode-specific structure. Use opaque ASN.1 string to retrieve\r
   //       PKCS#7 ContentInfo here.\r
   //\r
+  SpcIndirectDataOid = (UINT8 *)(Pkcs7->d.sign->contents->type->data);\r
+  if (CompareMem (\r
+        SpcIndirectDataOid,\r
+        mSpcIndirectOidValue,\r
+        sizeof (mSpcIndirectOidValue)\r
+        ) != 0) {\r
+    //\r
+    // Un-matched SPC_INDIRECT_DATA_OBJID.\r
+    //\r
+    goto _Exit;\r
+  }  \r
+\r
+\r
   SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data);\r
 \r
   //\r
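Review bot: The added `CompareMem` call compares `sizeof (mSpcIndirectOidValue)` bytes without first checking the length of the contentType OID taken from the signature blob. An OID shorter than ten bytes is therefore read past its end, and a longer OID that merely begins with these ten bytes is accepted as SPC_INDIRECT_DATA_OBJID. Check the length before the bytes: `if (Pkcs7->d.sign->contents->type->length != sizeof (mSpcIndirectOidValue) || CompareMem (SpcIndirectDataOid, mSpcIndirectOidValue, sizeof (mSpcIndirectOidValue)) != 0) {`. The chain `Pkcs7->d.sign->contents->type` is also dereferenced with no NULL checks in the visible lines; whether earlier code guarantees a signedData structure with non-NULL `contents`, and whether `Status` is still FALSE when `goto _Exit` runs, cannot be seen here and should be confirmed. AuthenticodeVerify starts and ends outside this hunk.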