Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert
+Srinivasan Mani, +Prarthana Sagar, +Gayathri Thunuguntla -Original Message- From: Li, Yi1 Sent: Sunday, May 19, 2024 6:41 PM To: Sountharya N Cc: Yao, Jiewen ; devel@edk2.groups.io; Li, Yi1 ; Shang, Qingyu Subject: [EXTERNAL] RE: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** Hi @sounthar...@ami.com, I already asked Qingyu to help raise patch. Will merge it after hard freeze. Thanks, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Yi Sent: Wednesday, May 15, 2024 11:32 PM To: devel@edk2.groups.io; Shang, Qingyu Cc: Yao, Jiewen Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert Looks good to me. Reviewed-by: Yi Li We are in Hard Freeze phase, will push it after freeze. Thanks. -Original Message- From: devel@edk2.groups.io On Behalf Of Qingyu Sent: Wednesday, May 15, 2024 8:58 PM To: devel@edk2.groups.io Cc: Shang, Qingyu ; Yao, Jiewen ; Li, Yi1 Subject: [edk2-devel] [PATCH 1/1] CryptoPkg: Fix bug for correct return value checking when get X509Cert From: Qingyu REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509 CryptX509.c file has X509GetTBSCert() funtion and it is added Inf variable to collect the return value of ASN1_get_object(), which return 0x80 in error case. Supplement the return value check during the second function call and correct the check logic. Signed-off-by: Qingyu Cc: Jiewen Yao Cc: Yi Li --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 1182323b63ee..7ebec9dbad5b 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -839,17 +839,17 @@ X509GetTBSCert ( Length = 0; Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } *TBSCert = (UINT8 *)Temp; - ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int + *)&ObjClass, (long)Length); // // Verify the parsed TBSCertificate is one correct SEQUENCE data. // - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } -- 2.44.0.windows.1 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119109): https://edk2.groups.io/g/devel/message/119109 Mute This Topic: https://groups.io/mt/106113214/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] CryptoPkg: Check ASN1_get_object() return value
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509 In ASN1_get_object(), Inf should compare with 0x80 instead of 0x00. Cc: Sountharya N Signed-off-by: Sountharya N --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 1182323b63..021cc328f8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -839,17 +839,17 @@ X509GetTBSCert ( Length = 0; Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } *TBSCert = (UINT8 *)Temp; - ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); // // Verify the parsed TBSCertificate is one correct SEQUENCE data. // - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } -- 2.35.1.windows.2 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119054): https://edk2.groups.io/g/devel/message/119054 Mute This Topic: https://groups.io/mt/106158469/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] CryptoPkg: Check ASN1_get_object() return value
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509 ASN1_get_object() returns (0x80) in error case and it is compared with (0x00). If ASN1_get_object() returns 0x80 it should returns FALSE, but here it is compared with (0x00) and if it returns 0x80 it is coming out of the condition and makes the function TRUE. Cc: Sountharya N Cc: Prarthana Sagar V Cc: Gayathri Thunuguntla Cc: Srinivasan Mani Cc: Yi Li Signed-off-by: Sountharya N --- ...e-check-ASN1_get_object-return-value.patch | 47 +++ 1 file changed, 47 insertions(+) create mode 100644 0001-Add-variable-check-ASN1_get_object-return-value.patch diff --git a/0001-Add-variable-check-ASN1_get_object-return-value.patch b/0001-Add-variable-check-ASN1_get_object-return-value.patch new file mode 100644 index 00..3bd7f69ab2 --- /dev/null +++ b/0001-Add-variable-check-ASN1_get_object-return-value.patch @@ -0,0 +1,47 @@ +grom 4bffb95cc9f16f1ee25155b0dde9e7dc7288134a Mon Sep 17 00:00:00 2001 +From: Sountharya N +Date: Fri, 17 May 2024 15:30:51 +0530 +Subject: [PATCH] Add variable&check ASN1_get_object() return value +To: sounthar...@ami.com + +REF: "https://bugzilla.tianocore.org/show_bug.cgi?id=4509"; + +ASN1_get_object() returns (0x80) in error case and it is compared with (0x00). If ASN1_get_object() returns 0x80 it should returns FALSE, but here it is compared with (0x00) and if it returns 0x80 it is coming out of the condition and makes the function TRUE. + +Cc: Sountharya N + +Cc: Shenba + +Signed-off-by: Sountharya N +--- + CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +index 1182323b63..021cc328f8 100644 +--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +@@ -839,17 +839,17 @@ X509GetTBSCert ( + Length = 0; + Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); + +- if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { ++ if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { + return FALSE; + } + + *TBSCert = (UINT8 *)Temp; + +- ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); ++ Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + // + // Verify the parsed TBSCertificate is one correct SEQUENCE data. + // +- if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { ++ if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { + return FALSE; + } + +-- +2.35.1.windows.2 + -- 2.35.1.windows.2 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119053): https://edk2.groups.io/g/devel/message/119053 Mute This Topic: https://groups.io/mt/106158469/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.
Hi Yi, I Removed 'Reviewed-by: @yi1...@intel.com' and Sent V2 patch to devel@edk2.groups.io. Thanks, Sountharya -Original Message- From: Li, Yi1 Sent: Tuesday, April 2, 2024 6:42 AM To: Sountharya N ; devel@edk2.groups.io Cc: Srinivasan Mani ; Prarthana Sagar V ; Yao, Jiewen ; Hou, Wenxing Subject: RE: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c. Hi, Please remove 'Reviewed-by: @yi1...@intel.com' and send V2 patch to devel@edk2.groups.io by send-email. Generate V2 patch: Add '--subject-prefix="PATCH V2" ' when you format patch: git format-patch --subject-prefix="PATCH V2" ... The content of patch looks good to me, will give you my Reviewed-by and push it after receiving your V2 patch. Thanks, Yi -Original Message- From: Sountharya N Sent: Monday, April 1, 2024 7:23 PM To: Li, Yi1 ; devel@edk2.groups.io Cc: MANI, SRINIVASAN ; Prarthana Sagar V ; Yao, Jiewen ; Hou, Wenxing Subject: RE: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c. Hi Yi, As you suggested, modified the changes and gave PR. Here I have attached the Link for reference. https://github.com/tianocore/edk2/pull/5507 Thanks, Sountharya -Original Message- From: Li, Yi1 Sent: Thursday, March 28, 2024 7:17 AM To: devel@edk2.groups.io; Sountharya N Cc: Srinivasan Mani ; Prarthana Sagar V ; Yao, Jiewen ; Hou, Wenxing Subject: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c. **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** Hi, Please follow the correct upstream process to avoid Github CI errors. https://github.com/tianocore/tianocore.github.io/wiki/Laszlo%27s-unkempt-git-guide-for-edk2-contributors-and-maintainers#contributor-workflow You are missing your Sign-off and Cc maintainers in this patch, And please add BZ link to commit message: ''REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509''. For your code change, '''ASN1_get_object() return error''' or ''''''ASN1_get_object() success but Asn1Tag != V_ASN1_SEQUENCE ''' both need to be treated as errors and returned. So you should use logic or instead of and. Before you send V2 patch, please create a PR in EDK2 github to test CI: https://github.com/tianocore/edk2/pulls Regards, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Sountharya N via groups.io Sent: Tuesday, March 19, 2024 1:44 PM To: devel@edk2.groups.io; Sountharya N Cc: MANI, SRINIVASAN ; Prarthana Sagar V Subject: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c. Added Inf variable, and the error case returned value was checked properly. --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 1182323b63..ac05441383 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -839,17 +839,17 @@ X509GetTBSCert ( Length = 0; Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } *TBSCert = (UINT8 *)Temp; - ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); // // Verify the parsed TBSCertificate is one correct SEQUENCE data. // - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } -- 2.35.1.windows.2 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential
[edk2-devel] [PATCH] PATCH_V2
--- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 1182323b63..021cc328f8 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -839,17 +839,17 @@ X509GetTBSCert ( Length = 0; Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } *TBSCert = (UINT8 *)Temp; - ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + Inf = ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); // // Verify the parsed TBSCertificate is one correct SEQUENCE data. // - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) || (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } -- 2.35.1.windows.2 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117585): https://edk2.groups.io/g/devel/message/117585 Mute This Topic: https://groups.io/mt/105441473/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.
Hi Yi, As you suggested, modified the changes and gave PR. Here I have attached the Link for reference. https://github.com/tianocore/edk2/pull/5507 Thanks, Sountharya -Original Message- From: Li, Yi1 Sent: Thursday, March 28, 2024 7:17 AM To: devel@edk2.groups.io; Sountharya N Cc: Srinivasan Mani ; Prarthana Sagar V ; Yao, Jiewen ; Hou, Wenxing Subject: [EXTERNAL] RE: [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c. **CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.** Hi, Please follow the correct upstream process to avoid Github CI errors. https://github.com/tianocore/tianocore.github.io/wiki/Laszlo%27s-unkempt-git-guide-for-edk2-contributors-and-maintainers#contributor-workflow You are missing your Sign-off and Cc maintainers in this patch, And please add BZ link to commit message: ''REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4509''. For your code change, '''ASN1_get_object() return error''' or ''''''ASN1_get_object() success but Asn1Tag != V_ASN1_SEQUENCE ''' both need to be treated as errors and returned. So you should use logic or instead of and. Before you send V2 patch, please create a PR in EDK2 github to test CI: https://github.com/tianocore/edk2/pulls Regards, Yi -Original Message- From: devel@edk2.groups.io On Behalf Of Sountharya N via groups.io Sent: Tuesday, March 19, 2024 1:44 PM To: devel@edk2.groups.io; Sountharya N Cc: MANI, SRINIVASAN ; Prarthana Sagar V Subject: [edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c. Added Inf variable, and the error case returned value was checked properly. --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 1182323b63..ac05441383 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -839,17 +839,17 @@ X509GetTBSCert ( Length = 0; Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } *TBSCert = (UINT8 *)Temp; - ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); // // Verify the parsed TBSCertificate is one correct SEQUENCE data. // - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } -- 2.35.1.windows.2 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117317): https://edk2.groups.io/g/devel/message/117317 Mute This Topic: https://groups.io/mt/105019593/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] CryptoPkg: BaseCryptLib: ASN1_get_object() function return value is not checked properly in CryptX509.c.
Added Inf variable, and the error case returned value was checked properly. --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 1182323b63..ac05441383 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -839,17 +839,17 @@ X509GetTBSCert ( Length = 0; Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } *TBSCert = (UINT8 *)Temp; - ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); + Inf= ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); // // Verify the parsed TBSCertificate is one correct SEQUENCE data. // - if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) { + if (((Inf & 0x80) == 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) { return FALSE; } -- 2.35.1.windows.2 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116878): https://edk2.groups.io/g/devel/message/116878 Mute This Topic: https://groups.io/mt/105019593/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] RE : when will Edk2 Update CryptoPkg with OpenSSL 3.0
Hi, OpenSSL 1.1.1 series reach End of Life (EOL) on 11th September 2023. For Next Edk2 Release, it is possible to update openssl to 3.0? or When Openssl_3.0 will be updated in edk2. Kindly provide your comments. Thanks, Sountharya From: Sountharya N Sent: Thursday, June 29, 2023 1:00 PM To: devel@edk2.groups.io Cc: Prarthana Sagar V ; Srinivasan Mani ; Gayathri Thunuguntla Subject: RE : when will Edk2 Update CryptoPkg with OpenSSL 3.0 Hi, OpenSSL 1.1.1 series reach End of Life (EOL) on 11th September 2023. For Next Edk2 Release, it is possible to update openssl to 3.0? or When Openssl_3.0 will be updated in edk2. Kindly provide your comments. Thanks, Sountharya -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107425): https://edk2.groups.io/g/devel/message/107425 Mute This Topic: https://groups.io/mt/99849823/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] RE : when will Edk2 Update CryptoPkg with OpenSSL 3.0
Hi, OpenSSL 1.1.1 series reach End of Life (EOL) on 11th September 2023. For Next Edk2 Release, it is possible to update openssl to 3.0? or When Openssl_3.0 will be updated in edk2. Kindly provide your comments. Thanks, Sountharya -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106516): https://edk2.groups.io/g/devel/message/106516 Mute This Topic: https://groups.io/mt/99849823/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] RE : Build Error after adding GLOBAL_REMOVE_IF_UNREFERENCED in CryptoPkg's CryptTs.c file
Hi, We are facing Build error in Old platforms after adding GLOBAL_REMOVE_IF_UNREFERENCED in CryptoPkg's CryptTs.c file in edk202211 tag. GLOBAL_REMOVE_IF_UNREFERENCED macro is defined in MdePkg/Include/Base.h // // The Microsoft* C compiler can removed references to unreferenced data items // if the /OPT:REF linker option is used. We defined a macro as this is a // a non standard extension // #if defined (_MSC_VER) && _MSC_VER < 1800 && !defined (MDE_CPU_EBC) /// /// Remove global variable from the linked image if there are no references to /// it after all compiler and linker optimizations have been performed. /// /// #define GLOBAL_REMOVE_IF_UNREFERENCED __declspec(selectany) #else /// /// Remove the global variable from the linked image if there are no references /// to it after all compiler and linker optimizations have been performed. /// /// #define GLOBAL_REMOVE_IF_UNREFERENCED #endif Facing Below Build Error: Building ... d:\bakerville\crypto\5.14_bakerville_0acjf044\MdePkg\Library\DxeServicesLib\DxeServicesLib.inf [X64] d:\bakerville\crypto\5.14_bakerville_0acjf044\CryptoPkg\Library\BaseCryptLib\Pk\CryptTs.c(58) : error C2496: 'TS_MESSAGE_IMPRINT_new' : 'selectany' can only be applied to data items with external linkage d:\bakerville\crypto\5.14_bakerville_0acjf044\CryptoPkg\Library\BaseCryptLib\Pk\CryptTs.c(89) : error C2496: 'TS_ACCURACY_new' : 'selectany' can only be applied to data items with external linkage d:\bakerville\crypto\5.14_bakerville_0acjf044\CryptoPkg\Library\BaseCryptLib\Pk\CryptTs.c(141) : error C2496: 'TS_TST_INFO_new' : 'selectany' can only be applied to data items with external linkage NMAKE : fatal error U1077: 'F:\Tools\WINDDK\7600.16385.1\bin\x86\amd64\cl.exe' : return code '0x2' Stop. AmiFlashLibCommon.c Assembling: d:\bakerville\crypto\5.14_bakerville_0acjf044\Build\YubaCity\RELEASE_MYTOOLS\X64\AmiCompatibilityPkg\Library\AmiDxeLib\OUTPUT\x64\x64AsmLib\GetCpuTimer.iii build... : error 7000: Failed to execute command nmake.exe /nologo -s tbuild [d:\bakerville\crypto\5.14_bakerville_0acjf044\Build\YubaCity\RELEASE_MYTOOLS\X64\CryptoPkg\Library\BaseCryptLib\BaseCryptLib] After commenting GLOBAL_REMOVE_IF_UNREFERENCED macro in CryptTs.c file, project builds successfully. Kindly, provide your comments. Thanks, Sountharya -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#98818): https://edk2.groups.io/g/devel/message/98818 Mute This Topic: https://groups.io/mt/96357910/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-