Revision: 13958
http://edk2.svn.sourceforge.net/edk2/?rev=13958&view=rev
Author: tye1
Date: 2012-11-22 05:07:22 +0000 (Thu, 22 Nov 2012)
Log Message:
-----------
Fix issue that RsaPkcs1Verify() may not work in PEI phase.
Signed-off-by: Ye Ting <[email protected]>
Reviewed-by: Yao Jiewen <[email protected]>
Reviewed-by: Long Qin <[email protected]>
Modified Paths:
--------------
trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h
trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h
trunk/edk2/CryptoPkg/Include/Protocol/RuntimeCrypt.h
trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
trunk/edk2/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
Modified: trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
===================================================================
--- trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c 2012-11-21 08:06:02 UTC
(rev 13957)
+++ trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c 2012-11-22 05:07:22 UTC
(rev 13958)
@@ -205,7 +205,7 @@
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigLength
)
{
Modified: trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h
===================================================================
--- trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h 2012-11-21 08:06:02 UTC
(rev 13957)
+++ trunk/edk2/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h 2012-11-22 05:07:22 UTC
(rev 13958)
@@ -179,7 +179,7 @@
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigLength
);
Modified: trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h
===================================================================
--- trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h 2012-11-21 08:06:02 UTC
(rev 13957)
+++ trunk/edk2/CryptoPkg/Include/Library/BaseCryptLib.h 2012-11-22 05:07:22 UTC
(rev 13958)
@@ -1498,7 +1498,7 @@
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigSize
);
Modified: trunk/edk2/CryptoPkg/Include/Protocol/RuntimeCrypt.h
===================================================================
--- trunk/edk2/CryptoPkg/Include/Protocol/RuntimeCrypt.h 2012-11-21
08:06:02 UTC (rev 13957)
+++ trunk/edk2/CryptoPkg/Include/Protocol/RuntimeCrypt.h 2012-11-22
05:07:22 UTC (rev 13958)
@@ -181,7 +181,7 @@
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashLength,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigLength
);
Modified: trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
===================================================================
--- trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
2012-11-21 08:06:02 UTC (rev 13957)
+++ trunk/edk2/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
2012-11-22 05:07:22 UTC (rev 13958)
@@ -285,19 +285,23 @@
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigSize
)
{
INTN Length;
+ UINT8 *DecryptedSigature;
//
// Check input parameters.
//
- if (RsaContext == NULL || MessageHash == NULL || Signature == NULL ||
SigSize > INT_MAX) {
+ if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
return FALSE;
}
+ if (SigSize > INT_MAX || SigSize == 0) {
+ return FALSE;
+ }
//
// Check for unsupported hash size:
@@ -306,14 +310,22 @@
if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize
!= SHA256_DIGEST_SIZE) {
return FALSE;
}
-
+
//
+ // Prepare buffer to store decrypted signature.
+ //
+ DecryptedSigature = (UINT8 *) malloc (SigSize);
+ if (DecryptedSigature == NULL) {
+ return FALSE;
+ }
+
+ //
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key
//
Length = RSA_public_decrypt (
(UINT32) SigSize,
Signature,
- Signature,
+ DecryptedSigature,
RsaContext,
RSA_PKCS1_PADDING
);
@@ -324,6 +336,7 @@
// Ignore more strict length checking here.
//
if (Length < (INTN) HashSize) {
+ free (DecryptedSigature);
return FALSE;
}
@@ -337,15 +350,17 @@
// Then Memory Comparing should skip the DER value of the underlying
SEQUENCE
// type and AlgorithmIdentifier.
//
- if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {
+ if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize,
HashSize) == 0) {
//
// Valid RSA PKCS#1 Signature
//
+ free (DecryptedSigature);
return TRUE;
} else {
//
// Failed to verification
//
+ free (DecryptedSigature);
return FALSE;
}
}
Modified:
trunk/edk2/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
===================================================================
---
trunk/edk2/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
2012-11-21 08:06:02 UTC (rev 13957)
+++
trunk/edk2/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
2012-11-22 05:07:22 UTC (rev 13958)
@@ -401,7 +401,7 @@
IN VOID *RsaContext,
IN CONST UINT8 *MessageHash,
IN UINTN HashSize,
- IN UINT8 *Signature,
+ IN CONST UINT8 *Signature,
IN UINTN SigSize
)
{
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
