diff options
| author | Agrawal, Sachin <sachin.agrawal@intel.com> | 2021-06-14 23:30:43 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-06-23 15:19:44 +0000 |
| commit | 20ca52882877ba9025da2ee58c8dab7808eca457 (patch) | |
| tree | 126be7fc8eacb8dfb04d2dee2ef6d485291fc9fc | |
| parent | 7471751a4d813a64501a9d7819b1eb405911b310 (diff) | |
| download | edk2-20ca52882877ba9025da2ee58c8dab7808eca457.tar.gz edk2-20ca52882877ba9025da2ee58c8dab7808eca457.tar.bz2 edk2-20ca52882877ba9025da2ee58c8dab7808eca457.zip | |
CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3455
Enforce salt length to be equal to digest length for RSA-PSS
encoding scheme.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
9 files changed, 21 insertions, 13 deletions
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 8c7d5922ef..630ccb5e75 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1376,7 +1376,7 @@ RsaPkcs1Verify ( If Message is NULL, then return FALSE.
If MsgSize is zero or > INT_MAX, then return FALSE.
If DigestLen is NOT 32, 48 or 64, return FALSE.
- If SaltLen is < DigestLen, then return FALSE.
+ If SaltLen is not equal to DigestLen, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@@ -1411,7 +1411,7 @@ RsaPssSign ( Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
Mask generation function is the same as the message digest algorithm.
- Salt length should atleast be equal to digest length.
+ Salt length should be equal to digest length.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] Message Pointer to octet message to be verified.
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c index 0b2960f06c..37075ea65a 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c @@ -50,7 +50,7 @@ GetEvpMD ( Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
Mask generation function is the same as the message digest algorithm.
- Salt length should atleast be equal to digest length.
+ Salt length should be equal to digest length.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] Message Pointer to octet message to be verified.
@@ -97,7 +97,7 @@ RsaPssVerify ( if (Signature == NULL || SigSize == 0 || SigSize > INT_MAX) {
return FALSE;
}
- if (SaltLen < DigestLen) {
+ if (SaltLen != DigestLen) {
return FALSE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c index 69c6889fbc..cc325c9291 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
Mask generation function is the same as the message digest algorithm.
- Salt length should atleast be equal to digest length.
+ Salt length should be equal to digest length.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] Message Pointer to octet message to be verified.
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c index ece765f9ae..06187ff4ba 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c @@ -59,7 +59,7 @@ GetEvpMD ( If Message is NULL, then return FALSE.
If MsgSize is zero or > INT_MAX, then return FALSE.
If DigestLen is NOT 32, 48 or 64, return FALSE.
- If SaltLen is < DigestLen, then return FALSE.
+ If SaltLen is not equal to DigestLen, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@@ -120,7 +120,7 @@ RsaPssSign ( return FALSE;
}
- if (SaltLen < DigestLen) {
+ if (SaltLen != DigestLen) {
return FALSE;
}
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c index 4ed2dfce99..911b972521 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent If Message is NULL, then return FALSE.
If MsgSize is zero or > INT_MAX, then return FALSE.
If DigestLen is NOT 32, 48 or 64, return FALSE.
- If SaltLen is < DigestLen, then return FALSE.
+ If SaltLen is not equal to DigestLen, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c index 69c6889fbc..cc325c9291 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
Mask generation function is the same as the message digest algorithm.
- Salt length should atleast be equal to digest length.
+ Salt length should be equal to digest length.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] Message Pointer to octet message to be verified.
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c index 4ed2dfce99..911b972521 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent If Message is NULL, then return FALSE.
If MsgSize is zero or > INT_MAX, then return FALSE.
If DigestLen is NOT 32, 48 or 64, return FALSE.
- If SaltLen is < DigestLen, then return FALSE.
+ If SaltLen is not equal to DigestLen, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c index af99ed7f5b..fcb5913780 100644 --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c @@ -1556,7 +1556,7 @@ RsaPkcs1Verify ( Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
Mask generation function is the same as the message digest algorithm.
- Salt length should atleast be equal to digest length.
+ Salt length should be equal to digest length.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] Message Pointer to octet message to be verified.
@@ -1592,6 +1592,14 @@ RsaPssVerify ( If the Signature buffer is too small to hold the contents of signature, FALSE
is returned and SigSize is set to the required buffer size to obtain the signature.
+ If RsaContext is NULL, then return FALSE.
+ If Message is NULL, then return FALSE.
+ If MsgSize is zero or > INT_MAX, then return FALSE.
+ If DigestLen is NOT 32, 48 or 64, return FALSE.
+ If SaltLen is not equal to DigestLen, then return FALSE.
+ If SigSize is large enough but Signature is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
@param[in] RsaContext Pointer to RSA context for signature generation.
@param[in] Message Pointer to octet message to be signed.
@param[in] MsgSize Size of the message in bytes.
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index e304302c94..498f8e387d 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3421,7 +3421,7 @@ EFI_STATUS If Message is NULL, then return FALSE.
If MsgSize is zero or > INT_MAX, then return FALSE.
If DigestLen is NOT 32, 48 or 64, return FALSE.
- If SaltLen is < DigestLen, then return FALSE.
+ If SaltLen is not equal to DigestLen, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@@ -3456,7 +3456,7 @@ BOOLEAN Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
Mask generation function is the same as the message digest algorithm.
- Salt length should atleast be equal to digest length.
+ Salt length should be equal to digest length.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] Message Pointer to octet message to be verified.
|