Diffstat (limited to 'SecurityPkg')
-rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 18 | ||||
-rw-r--r-- | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 11 |
2 files changed, 24 insertions, 5 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 2475f35..959a9b0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -852,6 +852,8 @@ IsCertHashFoundInDatabase (
UINT8 CertDigest[MAX_DIGEST_SIZE];
UINT8 *DbxCertHash;
UINTN SiglistHeaderSize;
+ UINT8 *TBSCert;
+ UINTN TBSCertSize;
IsFound = FALSE;
DbxList = SignatureList;
@@ -859,8 +861,16 @@ IsCertHashFoundInDatabase (
HashCtx = NULL;
HashAlg = HASHALG_MAX;
- ASSERT (RevocationTime != NULL);
- ASSERT (DbxList != NULL);
+ if ((RevocationTime == NULL) || (DbxList == NULL)) {
+ return FALSE;
+ }
+
+ //
+ // Retrieve the TBSCertificate from the X.509 Certificate.
+ //
+ if (!X509GetTBSCert (Certificate, CertSize, &TBSCert, &TBSCertSize)) {
+ return FALSE;
+ }
while ((DbxSize > 0) && (SignatureListSize >= DbxList->SignatureListSize)) {
//
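Review bot: Both new early exits return FALSE, which in a function named IsCertHashFoundInDatabase reads as "no matching dbx entry", so a certificate that `X509GetTBSCert` cannot parse, or a NULL `RevocationTime`/`DbxList` that the removed ASSERTs used to trap, would skip the revocation match rather than fail it. The function's return statement and its callers are outside this hunk, so confirm that a malformed certificate is rejected earlier in verification; if it is not, the BOOLEAN result cannot tell "not revoked" from "could not check". At minimum the parse-failure branch deserves a comment such as `// Parse failure is reported as "not found"; callers must not treat this as proof the certificate is unrevoked.` and a `DEBUG ((DEBUG_ERROR, ...))` line so the condition shows up in boot logs.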
@@ -879,7 +889,7 @@ IsCertHashFoundInDatabase (
}
//
- // Calculate the hash value of current db certificate for comparision.
+ // Calculate the hash value of current TBSCertificate for comparision.
//
if (mHash[HashAlg].GetContextSize == NULL) {
goto Done;
@@ -893,7 +903,7 @@ IsCertHashFoundInDatabase (
if (!Status) {
goto Done;
}
- Status = mHash[HashAlg].HashUpdate (HashCtx, Certificate, CertSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
if (!Status) {
goto Done;
}
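Review bot: Switching the digest input from the whole DER certificate to `TBSCert` changes what a dbx certificate-hash entry must contain, and nothing visible in this commit covers entries that were enrolled before it. CalculateCertHash in SecureBootConfigImpl.c gets the same change further down, so any hash it produced earlier was computed over `CertData`/`CertSize` and would no longer match here, leaving that certificate unrevoked without any error. A comment above this call should state the rule, e.g. `// dbx X.509 hash entries cover the TBSCertificate only; a hash of the full certificate never matches.`, and the change description should tell operators to re-enroll such entries. The enclosing function extends beyond this hunk.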
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 517d9d9..5b8ae7e 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -1073,6 +1073,8 @@ CalculateCertHash (
BOOLEAN Status;
VOID *HashCtx;
UINTN CtxSize;
+ UINT8 *TBSCert;
+ UINTN TBSCertSize;
HashCtx = NULL;
Status = FALSE;
@@ -1082,6 +1084,13 @@ CalculateCertHash (
}
//
+ // Retrieve the TBSCertificate for Hash Calculation.
+ //
+ if (!X509GetTBSCert (CertData, CertSize, &TBSCert, &TBSCertSize)) {
+ return FALSE;
+ }
+
+ //
// 1. Initialize context of hash.
//
CtxSize = mHash[HashAlg].GetContextSize ();
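Review bot: `TBSCert` is obtained here and never released in the visible lines, and the hunk does not say who owns it. If `X509GetTBSCert` hands back a pointer into `CertData` rather than a copy (that is how I read its contract, please confirm), say so with `// TBSCert points into CertData; it is not a separate allocation and must not be freed.` so nobody later adds a FreePool for it at Done. The same applies to the matching call in IsCertHashFoundInDatabase. CalculateCertHash begins and ends outside this hunk.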
@@ -1099,7 +1108,7 @@ CalculateCertHash (
//
// 3. Calculate the hash.
//
- Status = mHash[HashAlg].HashUpdate (HashCtx, CertData, CertSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
if (!Status) {
goto Done;
}