From 8c5720b46575489fbf6dc4e0fad47124b817f8b5 Mon Sep 17 00:00:00 2001
From: tye1
Date: Thu, 22 Nov 2012 05:07:22 +0000
Subject: Fix issue that RsaPkcs1Verify() may not work in PEI phase.

Signed-off-by: Ye Ting
Reviewed-by: Yao Jiewen
Reviewed-by: Long Qin
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 25 +++++++++++++++++-----
 .../RuntimeDxeIpfCryptLib.c | 2 +-
 2 files changed, 21 insertions(+), 6 deletions(-)
(limited to 'CryptoPkg/Library')

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
index 76754b4a72..cbe3c50fed 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@@ -285,19 +285,23 @@ RsaPkcs1Verify (
 IN VOID *RsaContext,
 IN CONST UINT8 *MessageHash,
 IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
 IN UINTN SigSize
 )
 {
 INTN Length;
+ UINT8 *DecryptedSigature;
 
 //
 // Check input parameters.
 //
- if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {
+ if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
 return FALSE;
 }
 
+ if (SigSize > INT_MAX || SigSize == 0) {
+ return FALSE;
+ }
 
 //
 // Check for unsupported hash size:
@@ -306,14 +310,22 @@ RsaPkcs1Verify (
 if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
 return FALSE;
 }
-
+
+ //
+ // Prepare buffer to store decrypted signature.
+ //
+ DecryptedSigature = (UINT8 *) malloc (SigSize);
+ if (DecryptedSigature == NULL) {
+ return FALSE;
+ }
+
 //
 // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
 //
 Length = RSA_public_decrypt (
 (UINT32) SigSize,
 Signature,
- Signature,
+ DecryptedSigature,
 RsaContext,
 RSA_PKCS1_PADDING
 );
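Review bot: The new size check in the first CryptRsaBasic.c hunk (`SigSize > INT_MAX || SigSize == 0`) bounds SigSize only by the integer range, not by the key's modulus length, and the following hunk then sizes the RSA_public_decrypt output buffer with `malloc (SigSize)`. OpenSSL documents that the output buffer must be able to hold up to RSA_size(rsa) - 11 bytes, so a caller-supplied SigSize shorter than the modulus could leave the heap buffer too small for the decoded block, unless the OpenSSL version in use rejects short input (not visible here). I would reject anything that is not exactly one modulus long right after this check, `if (SigSize != (UINTN) RSA_size ((RSA *) RsaContext)) { return FALSE; }`, or allocate RSA_size bytes instead of SigSize. The function body continues past the end of this hunk.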
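Review bot: The comment above the new allocation in the second hunk says what the buffer holds but not why the decryption is no longer done in place, which is the reason for the change. Judging by the commit subject and the new CONST qualifier, the caller's Signature buffer may not be writable in PEI; that is an inference and should be confirmed, then recorded, e.g. `// Decrypt into a scratch buffer: Signature is CONST and may reside in read-only memory.` The local is also spelled `DecryptedSigature`; `DecryptedSignature` would save a later rename.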
@@ -324,6 +336,7 @@ RsaPkcs1Verify (
 // Ignore more strict length checking here.
 //
 if (Length < (INTN) HashSize) {
+ free (DecryptedSigature);
 return FALSE;
 }
 
@@ -337,15 +350,17 @@ RsaPkcs1Verify (
 // Then Memory Comparing should skip the DER value of the underlying SEQUENCE
 // type and AlgorithmIdentifier.
 //
- if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
+ if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0) {
 //
 // Valid RSA PKCS#1 Signature
 //
+ free (DecryptedSigature);
 return TRUE;
 } else {
 //
 // Failed to verification
 //
+ free (DecryptedSigature);
 return FALSE;
 }
 }
diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
index 68abc893fd..cd40d16233 100644
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
@@ -401,7 +401,7 @@ RsaPkcs1Verify (
 IN VOID *RsaContext,
 IN CONST UINT8 *MessageHash,
 IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
 IN UINTN SigSize
 )
 {
-- 
cgit v1.2.3
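Review bot: `free (DecryptedSigature)` is now repeated on every exit path after the allocation, here before `return FALSE;` and twice more in the following hunk, so any return added later between the malloc and the end of the function will leak the buffer. A single exit keeps ownership in one place: hold the result in a BOOLEAN local and finish with `Status = (BOOLEAN) (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0);`, `free (DecryptedSigature);`, `return Status;`, with this early-failure path setting Status to FALSE and reaching the same cleanup. The enclosing function starts and ends outside this hunk.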
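Review bot: The rewritten comparison in the `@@ -337,15 +350,17 @@` hunk still matches only the last HashSize bytes of the decoded block, so the DigestInfo header in front of the digest (the hash AlgorithmIdentifier) is never checked and the hash algorithm is inferred from HashSize alone; the length check in the previous hunk likewise accepts any Length of at least HashSize. This behaviour predates the commit, but since the line is being touched it is worth tightening: compare the whole decoded block against the expected DER prefix for the digest selected by HashSize followed by MessageHash, and require Length to equal exactly that size. At minimum the comment above the comparison should state that the encoding is deliberately not validated and why callers can tolerate that. That comment block starts before this hunk.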