tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix issue that RsaPkcs1Verify() may not work in PEI phase. 

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
tye1 2012-11-22 05:07:22 +00:00
parent 275beb2b53
commit 8c5720b465
6 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
View File

@ -205,7 +205,7 @@ RuntimeCryptRsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
IN UINT8 *Signature,
IN CONST UINT8 *Signature,
IN UINTN SigLength
)
{

2
CryptoPkg/CryptRuntimeDxe/CryptRuntime.h
View File

@ -179,7 +179,7 @@ RuntimeCryptRsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
IN UINT8 *Signature,
IN CONST UINT8 *Signature,
IN UINTN SigLength
);

2
CryptoPkg/Include/Library/BaseCryptLib.h
View File

@ -1498,7 +1498,7 @@ RsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
IN UINT8 *Signature,
IN CONST UINT8 *Signature,
IN UINTN SigSize
);

2
CryptoPkg/Include/Protocol/RuntimeCrypt.h
View File

@ -181,7 +181,7 @@ BOOLEAN
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
IN UINT8 *Signature,
IN CONST UINT8 *Signature,
IN UINTN SigLength
);

25
CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
View File

@ -285,19 +285,23 @@ RsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
IN UINT8 *Signature,
IN CONST UINT8 *Signature,
IN UINTN SigSize
)
{
INTN Length;
UINT8 *DecryptedSigature;
//
// Check input parameters.
//
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
return FALSE;
}
if (SigSize > INT_MAX || SigSize == 0) {
return FALSE;
}
//
// Check for unsupported hash size:
@ -306,14 +310,22 @@ RsaPkcs1Verify (
if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {
return FALSE;
}
//
// Prepare buffer to store decrypted signature.
//
DecryptedSigature = (UINT8 *) malloc (SigSize);
if (DecryptedSigature == NULL) {
return FALSE;
}
//
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
//
Length = RSA_public_decrypt (
(UINT32) SigSize,
Signature,
Signature,
DecryptedSigature,
RsaContext,
RSA_PKCS1_PADDING
);
@ -324,6 +336,7 @@ RsaPkcs1Verify (
// Ignore more strict length checking here.
//
if (Length < (INTN) HashSize) {
free (DecryptedSigature);
return FALSE;
}
@ -337,15 +350,17 @@ RsaPkcs1Verify (
// Then Memory Comparing should skip the DER value of the underlying SEQUENCE
// type and AlgorithmIdentifier.
//
if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0) {
//
// Valid RSA PKCS#1 Signature
//
free (DecryptedSigature);
return TRUE;
} else {
//
// Failed to verification
//
free (DecryptedSigature);
return FALSE;
}
}

2
CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
View File

@ -401,7 +401,7 @@ RsaPkcs1Verify (
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
IN UINT8 *Signature,
IN CONST UINT8 *Signature,
IN UINTN SigSize
)
{