[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaBasic.c

/** @file\r
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
\r
  This file implements following APIs which provide basic capabilities for RSA:\r
  1) RsaNew\r
  2) RsaFree\r
  3) RsaSetKey\r
  4) RsaPkcs1Verify\r
\r
Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
\r
#include <openssl/bn.h>\r
#include <openssl/rsa.h>\r
#include <openssl/objects.h>\r
\r
/**\r
  Allocates and initializes one RSA context for subsequent use.\r
\r
  @return  Pointer to the RSA context that has been initialized.\r
           If the allocations fails, RsaNew() returns NULL.\r
\r
**/\r
VOID *\r
EFIAPI\r
RsaNew (\r
  VOID\r
  )\r
{\r
  //\r
  // Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
  //\r
  return (VOID *)RSA_new ();\r
}\r
\r
/**\r
  Release the specified RSA context.\r
\r
  @param[in]  RsaContext  Pointer to the RSA context to be released.\r
\r
**/\r
VOID\r
EFIAPI\r
RsaFree (\r
  IN  VOID  *RsaContext\r
  )\r
{\r
  //\r
  // Free OpenSSL RSA Context\r
  //\r
  RSA_free ((RSA *)RsaContext);\r
}\r
\r
/**\r
  Sets the tag-designated key component into the established RSA context.\r
\r
  This function sets the tag-designated RSA key component into the established\r
  RSA context from the user-specified non-negative integer (octet string format\r
  represented in RSA PKCS#1).\r
  If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
\r
  If RsaContext is NULL, then return FALSE.\r
\r
  @param[in, out]  RsaContext  Pointer to RSA context being set.\r
  @param[in]       KeyTag      Tag of RSA key component being set.\r
  @param[in]       BigNumber   Pointer to octet integer buffer.\r
                               If NULL, then the specified key component in RSA\r
                               context is cleared.\r
  @param[in]       BnSize      Size of big number buffer in bytes.\r
                               If BigNumber is NULL, then it is ignored.\r
\r
  @retval  TRUE   RSA key component was set successfully.\r
  @retval  FALSE  Invalid RSA key component tag.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaSetKey (\r
  IN OUT  VOID         *RsaContext,\r
  IN      RSA_KEY_TAG  KeyTag,\r
  IN      CONST UINT8  *BigNumber,\r
  IN      UINTN        BnSize\r
  )\r
{\r
  RSA     *RsaKey;\r
  BIGNUM  *BnN;\r
  BIGNUM  *BnE;\r
  BIGNUM  *BnD;\r
  BIGNUM  *BnP;\r
  BIGNUM  *BnQ;\r
  BIGNUM  *BnDp;\r
  BIGNUM  *BnDq;\r
  BIGNUM  *BnQInv;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if ((RsaContext == NULL) || (BnSize > INT_MAX)) {\r
    return FALSE;\r
  }\r
\r
  BnN    = NULL;\r
  BnE    = NULL;\r
  BnD    = NULL;\r
  BnP    = NULL;\r
  BnQ    = NULL;\r
  BnDp   = NULL;\r
  BnDq   = NULL;\r
  BnQInv = NULL;\r
\r
  //\r
  // Retrieve the components from RSA object.\r
  //\r
  RsaKey = (RSA *)RsaContext;\r
  RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);\r
  RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);\r
  RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);\r
\r
  //\r
  // Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
  // NOTE: For RSA public key (used in signature verification), only public components\r
  //       (N, e) are needed.\r
  //\r
  switch (KeyTag) {\r
    //\r
    // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)\r
    //\r
    case RsaKeyN:\r
    case RsaKeyE:\r
    case RsaKeyD:\r
      if (BnN == NULL) {\r
        BnN = BN_new ();\r
      }\r
\r
      if (BnE == NULL) {\r
        BnE = BN_new ();\r
      }\r
\r
      if (BnD == NULL) {\r
        BnD = BN_new ();\r
      }\r
\r
      if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {\r
        return FALSE;\r
      }\r
\r
      switch (KeyTag) {\r
        case RsaKeyN:\r
          BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);\r
          break;\r
        case RsaKeyE:\r
          BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);\r
          break;\r
        case RsaKeyD:\r
          BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);\r
          break;\r
        default:\r
          return FALSE;\r
      }\r
\r
      if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {\r
        return FALSE;\r
      }\r
\r
      break;\r
\r
    //\r
    // RSA Secret Prime Factor of Modulus (p and q)\r
    //\r
    case RsaKeyP:\r
    case RsaKeyQ:\r
      if (BnP == NULL) {\r
        BnP = BN_new ();\r
      }\r
\r
      if (BnQ == NULL) {\r
        BnQ = BN_new ();\r
      }\r
\r
      if ((BnP == NULL) || (BnQ == NULL)) {\r
        return FALSE;\r
      }\r
\r
      switch (KeyTag) {\r
        case RsaKeyP:\r
          BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);\r
          break;\r
        case RsaKeyQ:\r
          BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);\r
          break;\r
        default:\r
          return FALSE;\r
      }\r
\r
      if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {\r
        return FALSE;\r
      }\r
\r
      break;\r
\r
    //\r
    // p's CRT Exponent (== d mod (p - 1)),  q's CRT Exponent (== d mod (q - 1)),\r
    // and CRT Coefficient (== 1/q mod p)\r
    //\r
    case RsaKeyDp:\r
    case RsaKeyDq:\r
    case RsaKeyQInv:\r
      if (BnDp == NULL) {\r
        BnDp = BN_new ();\r
      }\r
\r
      if (BnDq == NULL) {\r
        BnDq = BN_new ();\r
      }\r
\r
      if (BnQInv == NULL) {\r
        BnQInv = BN_new ();\r
      }\r
\r
      if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {\r
        return FALSE;\r
      }\r
\r
      switch (KeyTag) {\r
        case RsaKeyDp:\r
          BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);\r
          break;\r
        case RsaKeyDq:\r
          BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);\r
          break;\r
        case RsaKeyQInv:\r
          BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);\r
          break;\r
        default:\r
          return FALSE;\r
      }\r
\r
      if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {\r
        return FALSE;\r
      }\r
\r
      break;\r
\r
    default:\r
      return FALSE;\r
  }\r
\r
  return TRUE;\r
}\r
\r
/**\r
  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
  RSA PKCS#1.\r
\r
  If RsaContext is NULL, then return FALSE.\r
  If MessageHash is NULL, then return FALSE.\r
  If Signature is NULL, then return FALSE.\r
  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
\r
  @param[in]  RsaContext   Pointer to RSA context for signature verification.\r
  @param[in]  MessageHash  Pointer to octet message hash to be checked.\r
  @param[in]  HashSize     Size of the message hash in bytes.\r
  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.\r
  @param[in]  SigSize      Size of signature in bytes.\r
\r
  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.\r
  @retval  FALSE  Invalid signature or invalid RSA context.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaPkcs1Verify (\r
  IN  VOID         *RsaContext,\r
  IN  CONST UINT8  *MessageHash,\r
  IN  UINTN        HashSize,\r
  IN  CONST UINT8  *Signature,\r
  IN  UINTN        SigSize\r
  )\r
{\r
  INT32  DigestType;\r
  UINT8  *SigBuf;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {\r
    return FALSE;\r
  }\r
\r
  if ((SigSize > INT_MAX) || (SigSize == 0)) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // Determine the message digest algorithm according to digest size.\r
  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
  //\r
  switch (HashSize) {\r
    case MD5_DIGEST_SIZE:\r
      DigestType = NID_md5;\r
      break;\r
\r
    case SHA1_DIGEST_SIZE:\r
      DigestType = NID_sha1;\r
      break;\r
\r
    case SHA256_DIGEST_SIZE:\r
      DigestType = NID_sha256;\r
      break;\r
\r
    case SHA384_DIGEST_SIZE:\r
      DigestType = NID_sha384;\r
      break;\r
\r
    case SHA512_DIGEST_SIZE:\r
      DigestType = NID_sha512;\r
      break;\r
\r
    default:\r
      return FALSE;\r
  }\r
\r
  SigBuf = (UINT8 *)Signature;\r
  return (BOOLEAN)RSA_verify (\r
                    DigestType,\r
                    MessageHash,\r
                    (UINT32)HashSize,\r
                    SigBuf,\r
                    (UINT32)SigSize,\r
                    (RSA *)RsaContext\r
                    );\r
}\r
Commit	Line	Data
532616bb	1	/** @file\r
	2	RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
	3	\r
	4	This file implements following APIs which provide basic capabilities for RSA:\r
	5	1) RsaNew\r
	6	2) RsaFree\r
	7	3) RsaSetKey\r
	8	4) RsaPkcs1Verify\r
	9	\r
c9d72628	10	Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
2009f6b4	11	SPDX-License-Identifier: BSD-2-Clause-Patent\r
532616bb	12	\r
	13	**/\r
	14	\r
	15	#include "InternalCryptLib.h"\r
	16	\r
1cae0c83	17	#include <openssl/bn.h>\r
532616bb	18	#include <openssl/rsa.h>\r
86b5c3ee	19	#include <openssl/objects.h>\r
532616bb	20	\r
	21	/**\r
	22	Allocates and initializes one RSA context for subsequent use.\r
	23	\r
	24	@return Pointer to the RSA context that has been initialized.\r
	25	If the allocations fails, RsaNew() returns NULL.\r
	26	\r
	27	**/\r
	28	VOID *\r
	29	EFIAPI\r
	30	RsaNew (\r
	31	VOID\r
	32	)\r
	33	{\r
	34	//\r
	35	// Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
	36	//\r
7c342378	37	return (VOID *)RSA_new ();\r
532616bb	38	}\r
	39	\r
	40	/**\r
	41	Release the specified RSA context.\r
	42	\r
	43	@param[in] RsaContext Pointer to the RSA context to be released.\r
	44	\r
	45	**/\r
	46	VOID\r
	47	EFIAPI\r
	48	RsaFree (\r
	49	IN VOID *RsaContext\r
	50	)\r
	51	{\r
	52	//\r
	53	// Free OpenSSL RSA Context\r
	54	//\r
7c342378	55	RSA_free ((RSA *)RsaContext);\r
532616bb	56	}\r
	57	\r
	58	/**\r
	59	Sets the tag-designated key component into the established RSA context.\r
	60	\r
	61	This function sets the tag-designated RSA key component into the established\r
	62	RSA context from the user-specified non-negative integer (octet string format\r
	63	represented in RSA PKCS#1).\r
2998af86	64	If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
532616bb	65	\r
	66	If RsaContext is NULL, then return FALSE.\r
	67	\r
	68	@param[in, out] RsaContext Pointer to RSA context being set.\r
	69	@param[in] KeyTag Tag of RSA key component being set.\r
	70	@param[in] BigNumber Pointer to octet integer buffer.\r
2998af86	71	If NULL, then the specified key component in RSA\r
532616bb	72	context is cleared.\r
	73	@param[in] BnSize Size of big number buffer in bytes.\r
	74	If BigNumber is NULL, then it is ignored.\r
	75	\r
	76	@retval TRUE RSA key component was set successfully.\r
	77	@retval FALSE Invalid RSA key component tag.\r
	78	\r
	79	**/\r
	80	BOOLEAN\r
	81	EFIAPI\r
	82	RsaSetKey (\r
	83	IN OUT VOID *RsaContext,\r
	84	IN RSA_KEY_TAG KeyTag,\r
	85	IN CONST UINT8 *BigNumber,\r
	86	IN UINTN BnSize\r
	87	)\r
	88	{\r
f56b11d2 QL	89	RSA *RsaKey;\r
	90	BIGNUM *BnN;\r
	91	BIGNUM *BnE;\r
	92	BIGNUM *BnD;\r
	93	BIGNUM *BnP;\r
	94	BIGNUM *BnQ;\r
	95	BIGNUM *BnDp;\r
	96	BIGNUM *BnDq;\r
	97	BIGNUM *BnQInv;\r
532616bb	98	\r
	99	//\r
	100	// Check input parameters.\r
	101	//\r
7c342378	102	if ((RsaContext == NULL) \|\| (BnSize > INT_MAX)) {\r
532616bb	103	return FALSE;\r
	104	}\r
	105	\r
f56b11d2 QL	106	BnN = NULL;\r
	107	BnE = NULL;\r
	108	BnD = NULL;\r
	109	BnP = NULL;\r
	110	BnQ = NULL;\r
	111	BnDp = NULL;\r
	112	BnDq = NULL;\r
	113	BnQInv = NULL;\r
	114	\r
	115	//\r
	116	// Retrieve the components from RSA object.\r
	117	//\r
7c342378	118	RsaKey = (RSA *)RsaContext;\r
f56b11d2 QL	119	RSA_get0_key (RsaKey, (const BIGNUM )&BnN, (const BIGNUM )&BnE, (const BIGNUM **)&BnD);\r
	120	RSA_get0_factors (RsaKey, (const BIGNUM )&BnP, (const BIGNUM )&BnQ);\r
	121	RSA_get0_crt_params (RsaKey, (const BIGNUM )&BnDp, (const BIGNUM )&BnDq, (const BIGNUM **)&BnQInv);\r
	122	\r
532616bb	123	//\r
	124	// Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
	125	// NOTE: For RSA public key (used in signature verification), only public components\r
	126	// (N, e) are needed.\r
	127	//\r
	128	switch (KeyTag) {\r
7c342378 MK	129	//\r
	130	// RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)\r
	131	//\r
f56b11d2	132	case RsaKeyN:\r
f56b11d2	133	case RsaKeyE:\r
f56b11d2	134	case RsaKeyD:\r
7c342378 MK	135	if (BnN == NULL) {\r
	136	BnN = BN_new ();\r
	137	}\r
	138	\r
	139	if (BnE == NULL) {\r
	140	BnE = BN_new ();\r
	141	}\r
	142	\r
	143	if (BnD == NULL) {\r
	144	BnD = BN_new ();\r
	145	}\r
	146	\r
	147	if ((BnN == NULL) \|\| (BnE == NULL) \|\| (BnD == NULL)) {\r
	148	return FALSE;\r
	149	}\r
	150	\r
	151	switch (KeyTag) {\r
	152	case RsaKeyN:\r
	153	BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);\r
	154	break;\r
	155	case RsaKeyE:\r
	156	BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);\r
	157	break;\r
	158	case RsaKeyD:\r
	159	BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);\r
	160	break;\r
	161	default:\r
	162	return FALSE;\r
	163	}\r
	164	\r
	165	if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {\r
	166	return FALSE;\r
	167	}\r
dda39f3a	168	\r
7c342378	169	break;\r
dda39f3a	170	\r
7c342378 MK	171	//\r
	172	// RSA Secret Prime Factor of Modulus (p and q)\r
	173	//\r
f56b11d2	174	case RsaKeyP:\r
f56b11d2	175	case RsaKeyQ:\r
7c342378 MK	176	if (BnP == NULL) {\r
	177	BnP = BN_new ();\r
	178	}\r
	179	\r
	180	if (BnQ == NULL) {\r
	181	BnQ = BN_new ();\r
	182	}\r
	183	\r
	184	if ((BnP == NULL) \|\| (BnQ == NULL)) {\r
	185	return FALSE;\r
	186	}\r
	187	\r
	188	switch (KeyTag) {\r
	189	case RsaKeyP:\r
	190	BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);\r
	191	break;\r
	192	case RsaKeyQ:\r
	193	BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);\r
	194	break;\r
	195	default:\r
	196	return FALSE;\r
	197	}\r
	198	\r
	199	if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {\r
	200	return FALSE;\r
	201	}\r
dda39f3a	202	\r
7c342378	203	break;\r
dda39f3a	204	\r
7c342378 MK	205	//\r
	206	// p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),\r
	207	// and CRT Coefficient (== 1/q mod p)\r
	208	//\r
f56b11d2	209	case RsaKeyDp:\r
f56b11d2	210	case RsaKeyDq:\r
f56b11d2	211	case RsaKeyQInv:\r
7c342378 MK	212	if (BnDp == NULL) {\r
	213	BnDp = BN_new ();\r
	214	}\r
	215	\r
	216	if (BnDq == NULL) {\r
	217	BnDq = BN_new ();\r
	218	}\r
	219	\r
	220	if (BnQInv == NULL) {\r
	221	BnQInv = BN_new ();\r
	222	}\r
	223	\r
	224	if ((BnDp == NULL) \|\| (BnDq == NULL) \|\| (BnQInv == NULL)) {\r
	225	return FALSE;\r
	226	}\r
	227	\r
	228	switch (KeyTag) {\r
	229	case RsaKeyDp:\r
	230	BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);\r
	231	break;\r
	232	case RsaKeyDq:\r
	233	BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);\r
	234	break;\r
	235	case RsaKeyQInv:\r
	236	BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);\r
	237	break;\r
	238	default:\r
	239	return FALSE;\r
	240	}\r
	241	\r
	242	if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {\r
	243	return FALSE;\r
	244	}\r
	245	\r
532616bb	246	break;\r
7c342378	247	\r
f56b11d2 QL	248	default:\r
f56b11d2 QL	249	return FALSE;\r
532616bb	250	}\r
	251	\r
	252	return TRUE;\r
	253	}\r
	254	\r
	255	/**\r
	256	Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
	257	RSA PKCS#1.\r
	258	\r
	259	If RsaContext is NULL, then return FALSE.\r
	260	If MessageHash is NULL, then return FALSE.\r
	261	If Signature is NULL, then return FALSE.\r
c9d72628	262	If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
532616bb	263	\r
	264	@param[in] RsaContext Pointer to RSA context for signature verification.\r
	265	@param[in] MessageHash Pointer to octet message hash to be checked.\r
	266	@param[in] HashSize Size of the message hash in bytes.\r
	267	@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
	268	@param[in] SigSize Size of signature in bytes.\r
	269	\r
	270	@retval TRUE Valid signature encoded in PKCS1-v1_5.\r
	271	@retval FALSE Invalid signature or invalid RSA context.\r
	272	\r
	273	**/\r
	274	BOOLEAN\r
	275	EFIAPI\r
	276	RsaPkcs1Verify (\r
	277	IN VOID *RsaContext,\r
	278	IN CONST UINT8 *MessageHash,\r
	279	IN UINTN HashSize,\r
8c5720b4	280	IN CONST UINT8 *Signature,\r
532616bb	281	IN UINTN SigSize\r
	282	)\r
	283	{\r
7c342378 MK	284	INT32 DigestType;\r
7c342378 MK	285	UINT8 *SigBuf;\r
532616bb	286	\r
	287	//\r
	288	// Check input parameters.\r
	289	//\r
7c342378	290	if ((RsaContext == NULL) \|\| (MessageHash == NULL) \|\| (Signature == NULL)) {\r
532616bb	291	return FALSE;\r
	292	}\r
	293	\r
7c342378	294	if ((SigSize > INT_MAX) \|\| (SigSize == 0)) {\r
8c5720b4	295	return FALSE;\r
8c5720b4	296	}\r
8c5720b4	297	\r
532616bb	298	//\r
86b5c3ee	299	// Determine the message digest algorithm according to digest size.\r
c9d72628	300	// Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
532616bb	301	//\r
86b5c3ee	302	switch (HashSize) {\r
7c342378 MK	303	case MD5_DIGEST_SIZE:\r
	304	DigestType = NID_md5;\r
	305	break;\r
f56b11d2	306	\r
7c342378 MK	307	case SHA1_DIGEST_SIZE:\r
	308	DigestType = NID_sha1;\r
	309	break;\r
f56b11d2	310	\r
7c342378 MK	311	case SHA256_DIGEST_SIZE:\r
	312	DigestType = NID_sha256;\r
	313	break;\r
532616bb	314	\r
7c342378 MK	315	case SHA384_DIGEST_SIZE:\r
	316	DigestType = NID_sha384;\r
	317	break;\r
c9d72628	318	\r
7c342378 MK	319	case SHA512_DIGEST_SIZE:\r
	320	DigestType = NID_sha512;\r
	321	break;\r
c9d72628	322	\r
7c342378 MK	323	default:\r
7c342378 MK	324	return FALSE;\r
532616bb	325	}\r
532616bb	326	\r
7c342378 MK	327	SigBuf = (UINT8 *)Signature;\r
	328	return (BOOLEAN)RSA_verify (\r
	329	DigestType,\r
	330	MessageHash,\r
	331	(UINT32)HashSize,\r
	332	SigBuf,\r
	333	(UINT32)SigSize,\r
	334	(RSA *)RsaContext\r
	335	);\r
532616bb	336	}\r