diff options
| author | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-11-22 05:07:22 +0000 |
|---|---|---|
| committer | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-11-22 05:07:22 +0000 |
| commit | 8c5720b46575489fbf6dc4e0fad47124b817f8b5 (patch) | |
| tree | 247a198d726c8205c272a3d083ec13769b07f0e7 /CryptoPkg | |
| parent | 275beb2b53898e91ea92afe96fa56f0ab91b997f (diff) | |
| download | edk2-platforms-8c5720b46575489fbf6dc4e0fad47124b817f8b5.tar.xz | |
Fix issue that RsaPkcs1Verify() may not work in PEI phase.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'CryptoPkg')
| -rw-r--r-- | CryptoPkg/CryptRuntimeDxe/CryptRuntime.c | 2 | ||||
| -rw-r--r-- | CryptoPkg/CryptRuntimeDxe/CryptRuntime.h | 2 | ||||
| -rw-r--r-- | CryptoPkg/Include/Library/BaseCryptLib.h | 2 | ||||
| -rw-r--r-- | CryptoPkg/Include/Protocol/RuntimeCrypt.h | 2 | ||||
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 25 | ||||
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c | 2 |
6 files changed, 25 insertions, 10 deletions
diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c index 75d89648e4..47a92fec65 100644 --- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c @@ -205,7 +205,7 @@ RuntimeCryptRsaPkcs1Verify ( IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigLength
)
{
diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h index 86476450f4..a7d21fd3ff 100644 --- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h @@ -179,7 +179,7 @@ RuntimeCryptRsaPkcs1Verify ( IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigLength
);
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 4564d7be65..504f405396 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1498,7 +1498,7 @@ RsaPkcs1Verify ( IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigSize
);
diff --git a/CryptoPkg/Include/Protocol/RuntimeCrypt.h b/CryptoPkg/Include/Protocol/RuntimeCrypt.h index bb03a622e9..35fd43cd75 100644 --- a/CryptoPkg/Include/Protocol/RuntimeCrypt.h +++ b/CryptoPkg/Include/Protocol/RuntimeCrypt.h @@ -181,7 +181,7 @@ BOOLEAN IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigLength
);
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c index 76754b4a72..cbe3c50fed 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -285,19 +285,23 @@ RsaPkcs1Verify ( IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigSize
)
{
INTN Length;
+ UINT8 *DecryptedSigature;
//
// Check input parameters.
//
- if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {
+ if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
return FALSE;
}
+ if (SigSize > INT_MAX || SigSize == 0) {
+ return FALSE;
+ }
//
// Check for unsupported hash size:
@@ -306,14 +310,22 @@ RsaPkcs1Verify ( if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
return FALSE;
}
-
+
+ //
+ // Prepare buffer to store decrypted signature.
+ //
+ DecryptedSigature = (UINT8 *) malloc (SigSize);
+ if (DecryptedSigature == NULL) {
+ return FALSE;
+ }
+
//
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
//
Length = RSA_public_decrypt (
(UINT32) SigSize,
Signature,
- Signature,
+ DecryptedSigature,
RsaContext,
RSA_PKCS1_PADDING
);
@@ -324,6 +336,7 @@ RsaPkcs1Verify ( // Ignore more strict length checking here.
//
if (Length < (INTN) HashSize) {
+ free (DecryptedSigature);
return FALSE;
}
@@ -337,15 +350,17 @@ RsaPkcs1Verify ( // Then Memory Comparing should skip the DER value of the underlying SEQUENCE
// type and AlgorithmIdentifier.
//
- if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
+ if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0) {
//
// Valid RSA PKCS#1 Signature
//
+ free (DecryptedSigature);
return TRUE;
} else {
//
// Failed to verification
//
+ free (DecryptedSigature);
return FALSE;
}
}
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c index 68abc893fd..cd40d16233 100644 --- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c @@ -401,7 +401,7 @@ RsaPkcs1Verify ( IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigSize
)
{
|