1 files changed, 190 insertions, 0 deletions
diff --git a/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c b/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
new file mode 100644
index 00000000..0deb7a20
--- /dev/null
+++ b/src/VBox/Devices/EFI/Firmware/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyBase.c
@@ -0,0 +1,190 @@
+/** @file
+  Non-runtime specific implementation of PKCS#7 SignedData Verification Wrapper.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pkcs7.h>
+
+/**
+  Check the contents of PKCS7 is not data.
+
+  It is copied from PKCS7_type_is_other() in pk7_doit.c.
+
+  @param[in] P7 Pointer to the location at which the PKCS7 is located.
+
+  @retval TRUE  If the type is others.
+  @retval FALSE If the type is expected.
+**/
+STATIC
+BOOLEAN
+Pkcs7TypeIsOther (
+  IN PKCS7 *P7
+  )
+{
+  BOOLEAN Others;
+  INTN    Nid = OBJ_obj2nid (P7->type);
+
+  switch (Nid) {
+    case NID_pkcs7_data:
+    case NID_pkcs7_signed:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_encrypted:
+      Others = FALSE;
+      break;
+    default:
+      Others = TRUE;
+  }
+
+  return Others;
+}
+
+/**
+  Get the ASN.1 string for the PKCS7.
+
+  It is copied from PKCS7_get_octet_string() in pk7_doit.c.
+
+  @param[in] P7 Pointer to the location at which the PKCS7 is located.
+
+  @return ASN1_OCTET_STRING ASN.1 string.
+**/
+STATIC
+ASN1_OCTET_STRING*
+Pkcs7GetOctetString (
+  IN PKCS7 *P7
+  )
+{
+  if (PKCS7_type_is_data (P7)) {
+    return P7->d.data;
+  }
+
+  if (Pkcs7TypeIsOther(P7) && (P7->d.other != NULL) &&
+      (P7->d.other->type == V_ASN1_OCTET_STRING)) {
+    return P7->d.other->value.octet_string;
+  }
+
+  return NULL;
+}
+
+/**
+  Extracts the attached content from a PKCS#7 signed data if existed. The input signed
+  data could be wrapped in a ContentInfo structure.
+
+  If P7Data, Content, or ContentSize is NULL, then return FALSE. If P7Length overflow,
+  then return FALSE. If the P7Data is not correctly formatted, then return FALSE.
+
+  Caution: This function may receive untrusted input. So this function will do
+           basic check for PKCS#7 data structure.
+
+  @param[in]   P7Data       Pointer to the PKCS#7 signed data to process.
+  @param[in]   P7Length     Length of the PKCS#7 signed data in bytes.
+  @param[out]  Content      Pointer to the extracted content from the PKCS#7 signedData.
+                            It's caller's responsibility to free the buffer with FreePool().
+  @param[out]  ContentSize  The size of the extracted content in bytes.
+
+  @retval     TRUE          The P7Data was correctly formatted for processing.
+  @retval     FALSE         The P7Data was not correctly formatted for processing.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs7GetAttachedContent (
+  IN  CONST UINT8  *P7Data,
+  IN  UINTN        P7Length,
+  OUT VOID         **Content,
+  OUT UINTN        *ContentSize
+  )
+{
+  BOOLEAN            Status;
+  PKCS7              *Pkcs7;
+  UINT8              *SignedData;
+  UINTN              SignedDataSize;
+  BOOLEAN            Wrapped;
+  CONST UINT8        *Temp;
+  ASN1_OCTET_STRING  *OctStr;
+
+  //
+  // Check input parameter.
+  //
+  if ((P7Data == NULL) || (P7Length > INT_MAX) || (Content == NULL) || (ContentSize == NULL)) {
+    return FALSE;
+  }
+
+  *Content   = NULL;
+  Pkcs7      = NULL;
+  SignedData = NULL;
+  OctStr     = NULL;
+
+  Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize);
+  if (!Status || (SignedDataSize > INT_MAX)) {
+    goto _Exit;
+  }
+
+  Status = FALSE;
+
+  //
+  // Decoding PKCS#7 SignedData
+  //
+  Temp  = SignedData;
+  Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (int)SignedDataSize);
+  if (Pkcs7 == NULL) {
+    goto _Exit;
+  }
+
+  //
+  // The type of Pkcs7 must be signedData
+  //
+  if (!PKCS7_type_is_signed (Pkcs7)) {
+    goto _Exit;
+  }
+
+  //
+  // Check for detached or attached content
+  //
+  if (PKCS7_get_detached (Pkcs7)) {
+    //
+    // No Content supplied for PKCS7 detached signedData
+    //
+    *Content     = NULL;
+    *ContentSize = 0;
+  } else {
+    //
+    // Retrieve the attached content in PKCS7 signedData
+    //
+    OctStr = Pkcs7GetOctetString (Pkcs7->d.sign->contents);
+    if (OctStr == NULL) {
+      goto _Exit;
+    }
+
+    if ((OctStr->length > 0) && (OctStr->data != NULL)) {
+      *ContentSize = OctStr->length;
+      *Content     = AllocatePool (*ContentSize);
+      if (*Content == NULL) {
+        *ContentSize = 0;
+        goto _Exit;
+      }
+      CopyMem (*Content, OctStr->data, *ContentSize);
+    }
+  }
+  Status = TRUE;
+
+_Exit:
+  //
+  // Release Resources
+  //
+  PKCS7_free (Pkcs7);
+
+  if (!Wrapped) {
+    OPENSSL_free (SignedData);
+  }
+
+  return Status;
+}