mirror of https://github.com/acidanthera/audk.git
Fix issue that RsaPkcs1Verify() may not work in PEI phase.
Signed-off-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
275beb2b53
commit
8c5720b465
|
@ -205,7 +205,7 @@ RuntimeCryptRsaPkcs1Verify (
|
||||||
IN VOID *RsaContext,
|
IN VOID *RsaContext,
|
||||||
IN CONST UINT8 *MessageHash,
|
IN CONST UINT8 *MessageHash,
|
||||||
IN UINTN HashLength,
|
IN UINTN HashLength,
|
||||||
IN UINT8 *Signature,
|
IN CONST UINT8 *Signature,
|
||||||
IN UINTN SigLength
|
IN UINTN SigLength
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
|
|
@ -179,7 +179,7 @@ RuntimeCryptRsaPkcs1Verify (
|
||||||
IN VOID *RsaContext,
|
IN VOID *RsaContext,
|
||||||
IN CONST UINT8 *MessageHash,
|
IN CONST UINT8 *MessageHash,
|
||||||
IN UINTN HashLength,
|
IN UINTN HashLength,
|
||||||
IN UINT8 *Signature,
|
IN CONST UINT8 *Signature,
|
||||||
IN UINTN SigLength
|
IN UINTN SigLength
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -1498,7 +1498,7 @@ RsaPkcs1Verify (
|
||||||
IN VOID *RsaContext,
|
IN VOID *RsaContext,
|
||||||
IN CONST UINT8 *MessageHash,
|
IN CONST UINT8 *MessageHash,
|
||||||
IN UINTN HashSize,
|
IN UINTN HashSize,
|
||||||
IN UINT8 *Signature,
|
IN CONST UINT8 *Signature,
|
||||||
IN UINTN SigSize
|
IN UINTN SigSize
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -181,7 +181,7 @@ BOOLEAN
|
||||||
IN VOID *RsaContext,
|
IN VOID *RsaContext,
|
||||||
IN CONST UINT8 *MessageHash,
|
IN CONST UINT8 *MessageHash,
|
||||||
IN UINTN HashLength,
|
IN UINTN HashLength,
|
||||||
IN UINT8 *Signature,
|
IN CONST UINT8 *Signature,
|
||||||
IN UINTN SigLength
|
IN UINTN SigLength
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -285,19 +285,23 @@ RsaPkcs1Verify (
|
||||||
IN VOID *RsaContext,
|
IN VOID *RsaContext,
|
||||||
IN CONST UINT8 *MessageHash,
|
IN CONST UINT8 *MessageHash,
|
||||||
IN UINTN HashSize,
|
IN UINTN HashSize,
|
||||||
IN UINT8 *Signature,
|
IN CONST UINT8 *Signature,
|
||||||
IN UINTN SigSize
|
IN UINTN SigSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
INTN Length;
|
INTN Length;
|
||||||
|
UINT8 *DecryptedSigature;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Check input parameters.
|
// Check input parameters.
|
||||||
//
|
//
|
||||||
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {
|
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (SigSize > INT_MAX || SigSize == 0) {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Check for unsupported hash size:
|
// Check for unsupported hash size:
|
||||||
|
@ -307,13 +311,21 @@ RsaPkcs1Verify (
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Prepare buffer to store decrypted signature.
|
||||||
|
//
|
||||||
|
DecryptedSigature = (UINT8 *) malloc (SigSize);
|
||||||
|
if (DecryptedSigature == NULL) {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
|
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
|
||||||
//
|
//
|
||||||
Length = RSA_public_decrypt (
|
Length = RSA_public_decrypt (
|
||||||
(UINT32) SigSize,
|
(UINT32) SigSize,
|
||||||
Signature,
|
Signature,
|
||||||
Signature,
|
DecryptedSigature,
|
||||||
RsaContext,
|
RsaContext,
|
||||||
RSA_PKCS1_PADDING
|
RSA_PKCS1_PADDING
|
||||||
);
|
);
|
||||||
|
@ -324,6 +336,7 @@ RsaPkcs1Verify (
|
||||||
// Ignore more strict length checking here.
|
// Ignore more strict length checking here.
|
||||||
//
|
//
|
||||||
if (Length < (INTN) HashSize) {
|
if (Length < (INTN) HashSize) {
|
||||||
|
free (DecryptedSigature);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -337,15 +350,17 @@ RsaPkcs1Verify (
|
||||||
// Then Memory Comparing should skip the DER value of the underlying SEQUENCE
|
// Then Memory Comparing should skip the DER value of the underlying SEQUENCE
|
||||||
// type and AlgorithmIdentifier.
|
// type and AlgorithmIdentifier.
|
||||||
//
|
//
|
||||||
if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
|
if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0) {
|
||||||
//
|
//
|
||||||
// Valid RSA PKCS#1 Signature
|
// Valid RSA PKCS#1 Signature
|
||||||
//
|
//
|
||||||
|
free (DecryptedSigature);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
} else {
|
} else {
|
||||||
//
|
//
|
||||||
// Failed to verification
|
// Failed to verification
|
||||||
//
|
//
|
||||||
|
free (DecryptedSigature);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -401,7 +401,7 @@ RsaPkcs1Verify (
|
||||||
IN VOID *RsaContext,
|
IN VOID *RsaContext,
|
||||||
IN CONST UINT8 *MessageHash,
|
IN CONST UINT8 *MessageHash,
|
||||||
IN UINTN HashSize,
|
IN UINTN HashSize,
|
||||||
IN UINT8 *Signature,
|
IN CONST UINT8 *Signature,
|
||||||
IN UINTN SigSize
|
IN UINTN SigSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue