OpenSSL is very permissive and allows PKCS#7 signatures and X.509 certificates to use ASN.1 BER indefinite-length encoding. The first is permitted by standards, while the second is not.
However, EDK2 needs to parse PKCS#7 signatures itself. Supporting indefinite-length encoding makes this significantly harder to do properly. It definitely is not impossible, but it makes the task harder than it would be otherwise. This leads to additional attack surface.
Furthermore, the current code already fails to handle indefinite-length encoding in certain places. The Authenticode signature validator assumes that the object identifier for the digest algorithm is at offset 32 and checks that the outermost tag uses 2-byte length encoding. This will be the case for DER encoding if the signature length is between 279 and 65539 bytes (inclusive). Most general BER encodings, especially ones using indefinite lengths, do not meet this requirement.
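The fixed-offset assumption described above, as an added example that is not EDK2's or OpenSSL's code: it encodes one SignedData-like SEQUENCE in DER and in BER indefinite form (all inputs constructed; the SHA-256 digest OID and a 28-byte filler element are chosen so the OID lands at offset 32 in the 2-byte-length DER case) and shows that a shorter DER encoding and the indefinite-length encoding both fail the check because the OID no longer sits at the assumed offset.

```python
# Added example (not EDK2 or OpenSSL code): build one structure in DER and in
# BER indefinite form, then apply the fixed-offset check the post describes.
# All byte strings here are constructed for illustration.

SEQUENCE, OCTET_STRING, OID = 0x30, 0x04, 0x06
SHA256_OID = bytes.fromhex("608648016503040201")   # 2.16.840.1.101.3.4.2.1

def der_length(n: int) -> bytes:
    """DER length octets: short form below 0x80, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body_bytes)]) + body_bytes

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content

def body(payload_len: int) -> bytes:
    """Inner content: a 28-byte filler element, the digest-algorithm OID,
    then a payload whose size decides the outer length form."""
    return (der_tlv(OCTET_STRING, b"\x00" * 26)
            + der_tlv(OID, SHA256_OID)
            + der_tlv(OCTET_STRING, b"\xaa" * payload_len))

def build_der(payload_len: int) -> bytes:
    return der_tlv(SEQUENCE, body(payload_len))

def build_ber_indefinite(payload_len: int) -> bytes:
    """Same content, but the outer (constructed) SEQUENCE uses the indefinite
    form 0x80 ... 00 00, which X.690 allows only for constructed values."""
    return bytes([SEQUENCE, 0x80]) + body(payload_len) + b"\x00\x00"

def outer_length_form(buf: bytes) -> str:
    """'short', 'indefinite' or 'long-N' for the outermost length octets."""
    first = buf[1]
    if first < 0x80:
        return "short"
    if first == 0x80:
        return "indefinite"
    return f"long-{first & 0x7F}"

def passes_fixed_offset_check(buf: bytes, oid_offset_assumed: int = 32) -> bool:
    """The validator's assumption as described: outer SEQUENCE with a 2-byte
    length field (0x82) and the digest OID tag at a fixed offset."""
    return (len(buf) > oid_offset_assumed and buf[0] == SEQUENCE
            and buf[1] == 0x82 and buf[oid_offset_assumed] == OID)

def oid_offset(buf: bytes) -> int:
    """Where the OID tag really is: outer header (2 to 4 bytes here) plus
    the 28-byte filler element that precedes it."""
    header = 2 if buf[1] < 0x81 else 2 + (buf[1] & 0x7F)
    return header + 28
```

With a 300-byte payload the DER form is 347 bytes and the OID is at offset 32; the 100-byte DER variant uses a 1-byte length field (OID at offset 31) and the indefinite-length variant has it at offset 30, so both are rejected by the fixed-offset check.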