Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958
6f19259b-4bc3-4df7-8a09-
765794883524
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashLength,\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashLength,\r
+ IN CONST UINT8 *Signature,\r
IN UINTN SigLength\r
)\r
{\r
IN UINTN SigLength\r
)\r
{\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashLength,\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashLength,\r
+ IN CONST UINT8 *Signature,\r
IN UINTN SigLength\r
);\r
\r
IN UINTN SigLength\r
);\r
\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashSize,\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashSize,\r
+ IN CONST UINT8 *Signature,\r
IN UINTN SigSize\r
);\r
\r
IN UINTN SigSize\r
);\r
\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashLength,\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashLength,\r
+ IN CONST UINT8 *Signature,\r
IN UINTN SigLength\r
);\r
\r
IN UINTN SigLength\r
);\r
\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashSize,\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashSize,\r
+ IN CONST UINT8 *Signature,\r
IN UINTN SigSize\r
)\r
{\r
INTN Length;\r
IN UINTN SigSize\r
)\r
{\r
INTN Length;\r
+ UINT8 *DecryptedSigature;\r
\r
//\r
// Check input parameters.\r
//\r
\r
//\r
// Check input parameters.\r
//\r
- if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {\r
+ if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {\r
+ if (SigSize > INT_MAX || SigSize == 0) {\r
+ return FALSE;\r
+ }\r
\r
//\r
// Check for unsupported hash size:\r
\r
//\r
// Check for unsupported hash size:\r
if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {\r
return FALSE;\r
}\r
if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {\r
return FALSE;\r
}\r
+\r
+ //\r
+ // Prepare buffer to store decrypted signature.\r
+ //\r
+ DecryptedSigature = (UINT8 *) malloc (SigSize);\r
+ if (DecryptedSigature == NULL) {\r
+ return FALSE;\r
+ }\r
+\r
//\r
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key\r
//\r
Length = RSA_public_decrypt (\r
(UINT32) SigSize,\r
Signature,\r
//\r
// RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key\r
//\r
Length = RSA_public_decrypt (\r
(UINT32) SigSize,\r
Signature,\r
RsaContext,\r
RSA_PKCS1_PADDING\r
);\r
RsaContext,\r
RSA_PKCS1_PADDING\r
);\r
// Ignore more strict length checking here.\r
//\r
if (Length < (INTN) HashSize) {\r
// Ignore more strict length checking here.\r
//\r
if (Length < (INTN) HashSize) {\r
+ free (DecryptedSigature);\r
// Then Memory Comparing should skip the DER value of the underlying SEQUENCE\r
// type and AlgorithmIdentifier.\r
//\r
// Then Memory Comparing should skip the DER value of the underlying SEQUENCE\r
// type and AlgorithmIdentifier.\r
//\r
- if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {\r
+ if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0) {\r
//\r
// Valid RSA PKCS#1 Signature\r
//\r
//\r
// Valid RSA PKCS#1 Signature\r
//\r
+ free (DecryptedSigature);\r
return TRUE;\r
} else {\r
//\r
// Failed to verification\r
//\r
return TRUE;\r
} else {\r
//\r
// Failed to verification\r
//\r
+ free (DecryptedSigature);\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashSize,\r
IN VOID *RsaContext,\r
IN CONST UINT8 *MessageHash,\r
IN UINTN HashSize,\r
+ IN CONST UINT8 *Signature,\r
IN UINTN SigSize\r
)\r
{\r
IN UINTN SigSize\r
)\r
{\r