Fix issue that RsaPkcs1Verify() may not work in PEI phase.

Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13958 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
index 75d89648e4368454e94fc75ecca5bcbd8cffebcf..47a92fec65d515dd134e3a8454f2ca40f405b2cd 100644 (file)
--- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
+++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.c
@@ -205,7 +205,7 @@ RuntimeCryptRsaPkcs1Verify (
   IN  VOID         *RsaContext,\r
   IN  CONST UINT8  *MessageHash,\r
   IN  UINTN        HashLength,\r
-  IN  UINT8        *Signature,\r
+  IN  CONST UINT8  *Signature,\r
   IN  UINTN        SigLength\r
   )\r
 {\r

diff --git a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h
index 86476450f449916097fe353ebc4a96e0a1a67d87..a7d21fd3ff9b3f9c29c114ec852b0308f2237f56 100644 (file)
--- a/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h
+++ b/CryptoPkg/CryptRuntimeDxe/CryptRuntime.h
@@ -179,7 +179,7 @@ RuntimeCryptRsaPkcs1Verify (
   IN  VOID         *RsaContext,\r
   IN  CONST UINT8  *MessageHash,\r
   IN  UINTN        HashLength,\r
-  IN  UINT8        *Signature,\r
+  IN  CONST UINT8  *Signature,\r
   IN  UINTN        SigLength\r
   );\r
 \r

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index 4564d7be6542d959101a7a26d5fc58c442c64907..504f405396b9bcc69eb06d5c06ab642a4d969016 100644 (file)
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1498,7 +1498,7 @@ RsaPkcs1Verify (
   IN  VOID         *RsaContext,\r
   IN  CONST UINT8  *MessageHash,\r
   IN  UINTN        HashSize,\r
-  IN  UINT8        *Signature,\r
+  IN  CONST UINT8  *Signature,\r
   IN  UINTN        SigSize\r
   );\r
 \r

diff --git a/CryptoPkg/Include/Protocol/RuntimeCrypt.h b/CryptoPkg/Include/Protocol/RuntimeCrypt.h
index bb03a622e9f5064af3676b72b1e815a16d4e4c33..35fd43cd75c954ab3b47cafb33b27b78171fd1d8 100644 (file)
--- a/CryptoPkg/Include/Protocol/RuntimeCrypt.h
+++ b/CryptoPkg/Include/Protocol/RuntimeCrypt.h
@@ -181,7 +181,7 @@ BOOLEAN
   IN  VOID         *RsaContext,\r
   IN  CONST UINT8  *MessageHash,\r
   IN  UINTN        HashLength,\r
-  IN  UINT8        *Signature,\r
+  IN  CONST UINT8  *Signature,\r
   IN  UINTN        SigLength\r
   );\r
 \r

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
index 76754b4a72f0a2800fe88ae637c63893821b7e19..cbe3c50fedbce1f604745554e6207259eeff6d29 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c
@@ -285,19 +285,23 @@ RsaPkcs1Verify (
   IN  VOID         *RsaContext,\r
   IN  CONST UINT8  *MessageHash,\r
   IN  UINTN        HashSize,\r
-  IN  UINT8        *Signature,\r
+  IN  CONST UINT8  *Signature,\r
   IN  UINTN        SigSize\r
   )\r
 {\r
   INTN     Length;\r
+  UINT8    *DecryptedSigature;\r
 \r
   //\r
   // Check input parameters.\r
   //\r
-  if (RsaContext == NULL || MessageHash == NULL || Signature == NULL || SigSize > INT_MAX) {\r
+  if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {\r
     return FALSE;\r
   }\r
 \r
+  if (SigSize > INT_MAX || SigSize == 0) {\r
+    return FALSE;\r
+  }\r
   \r
   //\r
   // Check for unsupported hash size:\r
@@ -306,14 +310,22 @@ RsaPkcs1Verify (
   if (HashSize != MD5_DIGEST_SIZE && HashSize != SHA1_DIGEST_SIZE && HashSize != SHA256_DIGEST_SIZE) {\r
     return FALSE;\r
   }\r
-  \r
+\r
+  //\r
+  // Prepare buffer to store decrypted signature.\r
+  //\r
+  DecryptedSigature = (UINT8 *) malloc (SigSize);\r
+  if (DecryptedSigature == NULL) {\r
+    return FALSE;\r
+  }\r
+\r
   //\r
   // RSA PKCS#1 Signature Decoding using OpenSSL RSA Decryption with Public Key\r
   //\r
   Length = RSA_public_decrypt (\r
              (UINT32) SigSize,\r
              Signature,\r
-             Signature,\r
+             DecryptedSigature,\r
              RsaContext,\r
              RSA_PKCS1_PADDING\r
              );\r
@@ -324,6 +336,7 @@ RsaPkcs1Verify (
   //       Ignore more strict length checking here.\r
   //\r
   if (Length < (INTN) HashSize) {\r
+    free (DecryptedSigature);\r
     return FALSE;\r
   }\r
 \r
@@ -337,15 +350,17 @@ RsaPkcs1Verify (
   //       Then Memory Comparing should skip the DER value of the underlying SEQUENCE\r
   //       type and AlgorithmIdentifier.\r
   //\r
-  if (CompareMem (MessageHash, Signature + Length - HashSize, HashSize) == 0) {\r
+  if (CompareMem (MessageHash, DecryptedSigature + Length - HashSize, HashSize) == 0) {\r
     //\r
     // Valid RSA PKCS#1 Signature\r
     //\r
+    free (DecryptedSigature);\r
     return TRUE;\r
   } else {\r
     //\r
     // Failed to verification\r
     //\r
+    free (DecryptedSigature);\r
     return FALSE;\r
   }\r
 }\r

diff --git a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
index 68abc893fd14b67daeb1ff801a2e0ae9131e719e..cd40d162337ec2a47b54782b8ee221e3f228c1e9 100644 (file)
--- a/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/RuntimeDxeIpfCryptLib.c
@@ -401,7 +401,7 @@ RsaPkcs1Verify (
   IN  VOID         *RsaContext,\r
   IN  CONST UINT8  *MessageHash,\r
   IN  UINTN        HashSize,\r
-  IN  UINT8        *Signature,\r
+  IN  CONST UINT8  *Signature,\r
   IN  UINTN        SigSize\r
   )\r
 {\r