diff options
| author | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-08-02 02:49:24 +0000 |
|---|---|---|
| committer | tye1 <tye1@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-08-02 02:49:24 +0000 |
| commit | dda39f3a5850458391aaab330971d46bc9c2b690 (patch) | |
| tree | 132b654595f2506ddc335ffb283df036a6eeb0ce /CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | |
| parent | a08dcb2ab16fbb496ff837d5c55c4cb22343aaa5 (diff) | |
| download | edk2-dda39f3a5850458391aaab330971d46bc9c2b690.tar.gz edk2-dda39f3a5850458391aaab330971d46bc9c2b690.tar.bz2 edk2-dda39f3a5850458391aaab330971d46bc9c2b690.zip | |
Fix several issues in BaseCryptLib:
1. Add input length check for several APIs in BaseCryptLib.
2. Add return status check when calling OpensslLib functions
3. Adjust BaseCryptLib API to match description of wrapped OpensslLib API.
4. Update INF file to add missed RuntimeServicesTableLib.
5. Fix return status issue of APIs in CryptX509.c that incorrect when error occurs.
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13579 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c')
| -rw-r--r-- | CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c | 60 |
1 files changed, 42 insertions, 18 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c index 67d8826e6c..b4faafa0c3 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c @@ -231,22 +231,32 @@ RsaGenerateKey ( //
// Check input parameters.
//
- if (RsaContext == NULL) {
+ if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
return FALSE;
}
KeyE = BN_new ();
+ if (KeyE == NULL) {
+ return FALSE;
+ }
+
+ RetVal = FALSE;
+
if (PublicExponent == NULL) {
- BN_set_word (KeyE, 0x10001);
+ if (BN_set_word (KeyE, 0x10001) == 0) {
+ goto _Exit;
+ }
} else {
- BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE);
+ if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
+ goto _Exit;
+ }
}
- RetVal = FALSE;
if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
RetVal = TRUE;
}
+_Exit:
BN_free (KeyE);
return RetVal;
}
@@ -299,18 +309,24 @@ RsaCheckKey ( /**
Performs the PKCS1-v1_5 encoding methods defined in RSA PKCS #1.
- @param Message Message buffer to be encoded.
- @param MessageSize Size of message buffer in bytes.
- @param DigestInfo Pointer to buffer of digest info for output.
+ @param[in] Message Message buffer to be encoded.
+ @param[in] MessageSize Size of message buffer in bytes.
+ @param[out] DigestInfo Pointer to buffer of digest info for output.
+ @param[in,out] DigestInfoSize On input, the size of DigestInfo buffer in bytes.
+ On output, the size of data returned in DigestInfo
+ buffer in bytes.
- @return Size of DigestInfo in bytes.
+ @retval TRUE PKCS1-v1_5 encoding finished successfully.
+ @retval FALSE Any input parameter is invalid.
+ @retval FALSE DigestInfo buffer is not large enough.
**/
-UINTN
+BOOLEAN
DigestInfoEncoding (
- IN CONST UINT8 *Message,
- IN UINTN MessageSize,
- OUT UINT8 *DigestInfo
+ IN CONST UINT8 *Message,
+ IN UINTN MessageSize,
+ OUT UINT8 *DigestInfo,
+ IN OUT UINTN *DigestInfoSize
)
{
CONST UINT8 *HashDer;
@@ -319,7 +335,7 @@ DigestInfoEncoding ( //
// Check input parameters.
//
- if (Message == NULL || DigestInfo == NULL) {
+ if (Message == NULL || DigestInfo == NULL || DigestInfoSize == NULL) {
return FALSE;
}
@@ -347,10 +363,16 @@ DigestInfoEncoding ( return FALSE;
}
+ if (*DigestInfoSize < DerSize + MessageSize) {
+ *DigestInfoSize = DerSize + MessageSize;
+ return FALSE;
+ }
+
CopyMem (DigestInfo, HashDer, DerSize);
CopyMem (DigestInfo + DerSize, Message, MessageSize);
- return (DerSize + MessageSize);
+ *DigestInfoSize = DerSize + MessageSize;
+ return TRUE;
}
/**
@@ -412,21 +434,23 @@ RsaPkcs1Sign ( return FALSE;
}
- Size = DigestInfoEncoding (MessageHash, HashSize, Signature);
+ if (!DigestInfoEncoding (MessageHash, HashSize, Signature, SigSize)) {
+ return FALSE;
+ }
ReturnVal = RSA_private_encrypt (
- (UINT32) Size,
+ (UINT32) *SigSize,
Signature,
Signature,
Rsa,
RSA_PKCS1_PADDING
);
- if (ReturnVal < (INTN) Size) {
+ if (ReturnVal < (INTN) *SigSize) {
return FALSE;
}
- *SigSize = (UINTN)ReturnVal;
+ *SigSize = (UINTN) ReturnVal;
return TRUE;
}
|