From 8c5720b46575489fbf6dc4e0fad47124b817f8b5 Mon Sep 17 00:00:00 2001 From: tye1 Date: Thu, 22 Nov 2012 05:07:22 +0000 Subject: Fix issue that RsaPkcs1Verify() may not work in PEI phase. Signed-off-by: Ye Ting Reviewed-by: Yao Jiewen Reviewed-by: Long Qin git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524 --- CryptoPkg/CryptRuntimeDxe/CryptRuntime.c | 2 +- CryptoPkg/CryptRuntimeDxe/CryptRuntime.h | 2 +- CryptoPkg/Include/Library/BaseCryptLib.h | 2 +- CryptoPkg/Include/Protocol/RuntimeCrypt.h | 2 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c | 25 +++++++++++++++++----- .../RuntimeDxeIpfCryptLib.c | 2 +- 6 files changed, 25 insertions(+), 10 deletions(-) (limited to 'CryptoPkg') diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c index 75d8964..47a92fe 100644 --- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c @@ -205,7 +205,7 @@ RuntimeCryptRsaPkcs1Verify ( IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashLength, - IN UINT8 *Signature, + IN CONST UINT8 *Signature, IN UINTN SigLength ) { diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h index 8647645..a7d21fd 100644 --- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h +++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h @@ -179,7 +179,7 @@ RuntimeCryptRsaPkcs1Verify ( IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashLength, - IN UINT8 *Signature, + IN CONST UINT8 *Signature, IN UINTN SigLength ); diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 4564d7b..504f405 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1498,7 +1498,7 @@ RsaPkcs1Verify ( IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashSize, - IN UINT8 *Signature, + IN CONST UINT8 *Signature, IN UINTN SigSize ); 
diff --git a/CryptoPkg/Include/Protocol/RuntimeCrypt.h b/CryptoPkg/Include/Protocol/RuntimeCrypt.h index bb03a62..35fd43c 100644 --- a/CryptoPkg/Include/Protocol/RuntimeCrypt.h +++ b/CryptoPkg/Include/Protocol/RuntimeCrypt.h @@ -181,7 +181,7 @@ BOOLEAN IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashLength, - IN UINT8 *Signature, + IN CONST UINT8 *Signature, IN UINTN SigLength ); diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c index 76754b4..cbe3c50 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c @@ -285,19 +285,23 @@ RsaPkcs1Verify ( IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashSize, - IN UINT8 *Signature, + IN CONST UINT8 *Signature, IN UINTN SigSize ) { INTN Length; + UINT8 *DecryptedSigature; // // Check input parameters. // - if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) { + if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) { return FALSE; } + if (SigSize > INT_MAX || SigSize == 0) { + return FALSE; + } // // Check for unsupported hash size: @@ -306,14 +310,22 @@ RsaPkcs1Verify ( if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) { return FALSE; } - + + // + // Prepare buffer to store decrypted signature. + // + DecryptedSigature = (UINT8 *) malloc (SigSize); + if (DecryptedSigature == NULL) { + return FALSE; + } + // // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key // Length = RSA_public_decrypt ( (UINT32) SigSize, Signature, - Signature, + DecryptedSigature, RsaContext, RSA_PKCS1_PADDING ); @@ -324,6 +336,7 @@ RsaPkcs1Verify ( // Ignore more strict length checking here. // if (Length < (INTN) HashSize) { + free (DecryptedSigature); return FALSE; } 
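Review bot: The new `SigSize` check in RsaPkcs1Verify() (CryptRsaBasic.c, first hunk) rejects only 0 and values above INT_MAX, while the next hunk sizes the output buffer with `malloc (SigSize)`. OpenSSL documents that the output buffer of RSA_public_decrypt() has to hold up to RSA_size() - 11 bytes, so a signature shorter than the modulus may leave `DecryptedSigature` smaller than what the decode step can write. A PKCS#1 v1.5 signature is always exactly as long as the modulus, so I would add `if (SigSize != (UINTN) RSA_size (RsaContext)) { return FALSE; }` before the allocation. Alternatively, allocate `RSA_size (RsaContext)` bytes. The function body continues past this hunk.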
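Review bot: `free (DecryptedSigature)` is repeated on every return path after the allocation, here in the `Length < (INTN) HashSize` branch and twice more in the last CryptRsaBasic.c hunk, so any early return added later will leak the buffer. A single exit is easier to keep correct: record the outcome in a local `BOOLEAN Status` and finish with one `free (DecryptedSigature); return Status;`. The identifier is also misspelled, and `DecryptedSignature` would read better. The enclosing function starts and ends outside this hunk.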
@@ -337,15 +350,17 @@ RsaPkcs1Verify ( // Then Memory Comparing should skip the DER value of the underlying SEQUENCE // type and AlgorithmIdentifier. // - if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) { + if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0) { // // Valid RSA PKCS#1 Signature // + free (DecryptedSigature); return TRUE; } else { // // Failed to verification // + free (DecryptedSigature); return FALSE; } } diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c index 68abc89..cd40d16 100644 --- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c @@ -401,7 +401,7 @@ RsaPkcs1Verify ( IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashSize, - IN UINT8 *Signature, + IN CONST UINT8 *Signature, IN UINTN SigSize ) { -- cgit v1.1
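Review bot: The changed `CompareMem` line checks only the last `HashSize` bytes of the decoded block, so the DigestInfo prefix (the SEQUENCE and AlgorithmIdentifier that the comment says are skipped) is never validated. The earlier length check only requires `Length` to be at least `HashSize`, not equal to the expected encoding size. As a result the digest algorithm is not bound to the signature, and arbitrary bytes in front of the digest are accepted. A stricter check would build the expected DigestInfo encoding for the digest selected by `HashSize`, require `Length` to equal its size, and compare the whole block. The function starts outside this hunk and ends in it.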