CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme.

[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLibOnProtocolPpi / CryptLib.c

diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index af99ed7f5b427a751215883ef43b744d873227e3..fcb59137805b1d924e2483ef52650c0d1554b37c 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1556,7 +1556,7 @@ RsaPkcs1Verify (
   Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.\r
   Implementation determines salt length automatically from the signature encoding.\r
   Mask generation function is the same as the message digest algorithm.\r
-  Salt length should atleast be equal to digest length.\r
+  Salt length should be equal to digest length.\r
 \r
   @param[in]  RsaContext      Pointer to RSA context for signature verification.\r
   @param[in]  Message         Pointer to octet message to be verified.\r
@@ -1592,6 +1592,14 @@ RsaPssVerify (
   If the Signature buffer is too small to hold the contents of signature, FALSE\r
   is returned and SigSize is set to the required buffer size to obtain the signature.\r
 \r
+  If RsaContext is NULL, then return FALSE.\r
+  If Message is NULL, then return FALSE.\r
+  If MsgSize is zero or > INT_MAX, then return FALSE.\r
+  If DigestLen is NOT 32, 48 or 64, return FALSE.\r
+  If SaltLen is not equal to DigestLen, then return FALSE.\r
+  If SigSize is large enough but Signature is NULL, then return FALSE.\r
+  If this interface is not supported, then return FALSE.\r
+\r
   @param[in]      RsaContext   Pointer to RSA context for signature generation.\r
   @param[in]      Message      Pointer to octet message to be signed.\r
   @param[in]      MsgSize      Size of the message in bytes.\r