CryptoPkg/BaseCryptLib: Add missing OpenSSL includes

[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaBasic.c

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
index d828cb4b3f309b9899482fc819eba6ca1aa74305..e49db51e7284cb3c209e0e8931c87cda32e191ea 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@@ -7,7 +7,7 @@
   3) RsaSetKey\r
   4) RsaPkcs1Verify\r
 \r
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -20,9 +20,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 \r
 #include "InternalCryptLib.h"\r
 \r
+#include <openssl/bn.h>\r
 #include <openssl/rsa.h>\r
-#include <openssl/err.h>\r
-\r
+#include <openssl/objects.h>\r
 \r
 /**\r
   Allocates and initializes one RSA context for subsequent use.\r
@@ -97,7 +97,7 @@ RsaSetKey (
   //\r
   // Check input parameters.\r
   //\r
-  if (RsaContext == NULL) {\r
+  if (RsaContext == NULL || BnSize > INT_MAX) {\r
     return FALSE;\r
   }\r
 \r
@@ -121,6 +121,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);\r
+    if (RsaKey->n == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   //\r
@@ -135,6 +139,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);\r
+    if (RsaKey->e == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   //\r
@@ -149,6 +157,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);\r
+    if (RsaKey->d == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   //\r
@@ -163,6 +175,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);\r
+    if (RsaKey->p == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   //\r
@@ -177,6 +193,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);\r
+    if (RsaKey->q == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   //\r
@@ -191,6 +211,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);\r
+    if (RsaKey->dmp1 == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   //\r
@@ -205,6 +229,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);\r
+    if (RsaKey->dmq1 == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   //\r
@@ -219,6 +247,10 @@ RsaSetKey (
       break;\r
     }\r
     RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);\r
+    if (RsaKey->iqmp == NULL) {\r
+      return FALSE;\r
+    }\r
+\r
     break;\r
 \r
   default:\r
@@ -253,11 +285,12 @@ RsaPkcs1Verify (
   IN  VOID         *RsaContext,\r
   IN  CONST UINT8  *MessageHash,\r
   IN  UINTN        HashSize,\r
-  IN  UINT8        *Signature,\r
+  IN  CONST UINT8  *Signature,\r
   IN  UINTN        SigSize\r
   )\r
 {\r
-  INTN     Length;\r
+  INT32    DigestType;\r
+  UINT8    *SigBuf;\r
 \r
   //\r
   // Check input parameters.\r
@@ -266,54 +299,38 @@ RsaPkcs1Verify (
     return FALSE;\r
   }\r
 \r
-  \r
-  //\r
-  // Check for unsupported hash size:\r
-  //    Only MD5, SHA-1 or SHA-256 digest size is supported\r
-  //\r
-  if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {\r
+  if (SigSize > INT_MAX || SigSize == 0) {\r
     return FALSE;\r
   }\r
-  \r
-  //\r
-  // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key\r
-  //\r
-  Length = RSA_public_decrypt (\r
-             (UINT32) SigSize,\r
-             Signature,\r
-             Signature,\r
-             RsaContext,\r
-             RSA_PKCS1_PADDING\r
-             );\r
 \r
   //\r
-  // Invalid RSA Key or PKCS#1 Padding Checking Failed (if Length < 0)\r
-  // NOTE: Length should be the addition of HashSize and some DER value.\r
-  //       Ignore more strict length checking here.\r
+  // Determine the message digest algorithm according to digest size.\r
+  //   Only MD5, SHA-1 or SHA-256 algorithm is supported. \r
   //\r
-  if (Length < (INTN) HashSize) {\r
-    return FALSE;\r
-  }\r
+  switch (HashSize) {\r
+  case MD5_DIGEST_SIZE:\r
+    DigestType = NID_md5;\r
+    break;\r
+    \r
+  case SHA1_DIGEST_SIZE:\r
+    DigestType = NID_sha1;\r
+    break;\r
+    \r
+  case SHA256_DIGEST_SIZE:\r
+    DigestType = NID_sha256;\r
+    break;\r
 \r
-  //\r
-  // Validate the MessageHash and Decoded Signature\r
-  // NOTE: The decoded Signature should be the DER encoding of the DigestInfo value\r
-  //       DigestInfo ::= SEQUENCE {\r
-  //           digestAlgorithm AlgorithmIdentifier\r
-  //           digest OCTET STRING\r
-  //       }\r
-  //       Then Memory Comparing should skip the DER value of the underlying SEQUENCE\r
-  //       type and AlgorithmIdentifier.\r
-  //\r
-  if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {\r
-    //\r
-    // Valid RSA PKCS#1 Signature\r
-    //\r
-    return TRUE;\r
-  } else {\r
-    //\r
-    // Failed to verification\r
-    //\r
+  default:\r
     return FALSE;\r
   }\r
+\r
+  SigBuf = (UINT8 *) Signature;\r
+  return (BOOLEAN) RSA_verify (\r
+                     DigestType,\r
+                     MessageHash,\r
+                     (UINT32) HashSize,\r
+                     SigBuf,\r
+                     (UINT32) SigSize,\r
+                     (RSA *) RsaContext\r
+                     );\r
 }\r