author: Agrawal, Sachin <sachin.agrawal@intel.com> 2021-06-14 23:30:43 +0800
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2021-06-23 15:19:44 +0000
commit: 20ca52882877ba9025da2ee58c8dab7808eca457
tree: 126be7fc8eacb8dfb04d2dee2ef6d485291fc9fc /CryptoPkg/Library/BaseCryptLibOnProtocolPpi
parent: 7471751a4d813a64501a9d7819b1eb405911b310
CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3455

Enforce salt length to be equal to digest length for RSA-PSS encoding scheme.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLibOnProtocolPpi')
-rw-r--r-- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c 10
1 files changed, 9 insertions, 1 deletions
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index af99ed7f5b..fcb5913780 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1556,7 +1556,7 @@ RsaPkcs1Verify (
Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
Implementation determines salt length automatically from the signature encoding.
Mask generation function is the same as the message digest algorithm.
- Salt length should atleast be equal to digest length.
+ Salt length should be equal to digest length.
@param[in] RsaContext Pointer to RSA context for signature verification.
@param[in] Message Pointer to octet message to be verified.
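Review bot: In the RSASSA-PSS verify comment, the unchanged line "Implementation determines salt length automatically from the signature encoding." now sits directly above "Salt length should be equal to digest length." and the two read as contradictory: a caller cannot tell whether a signature carrying a different salt length is accepted or rejected. Since the commit message says the length is enforced, suggest stating the outcome explicitly (verification returns FALSE when the salt length differs from the digest length) and dropping or qualifying the auto-detection sentence, so the wording matches the "then return FALSE" style used for the signing function.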
@@ -1592,6 +1592,14 @@ RsaPssVerify (
If the Signature buffer is too small to hold the contents of signature, FALSE
is returned and SigSize is set to the required buffer size to obtain the signature.
+ If RsaContext is NULL, then return FALSE.
+ If Message is NULL, then return FALSE.
+ If MsgSize is zero or > INT_MAX, then return FALSE.
+ If DigestLen is NOT 32, 48 or 64, return FALSE.
+ If SaltLen is not equal to DigestLen, then return FALSE.
+ If SigSize is large enough but Signature is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
@param[in] RsaContext Pointer to RSA context for signature generation.
@param[in] Message Pointer to octet message to be signed.
@param[in] MsgSize Size of the message in bytes.
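Review bot: The added return-FALSE list does not cover a NULL SigSize, although the context line just above says "SigSize is set to the required buffer size", so the function writes through that pointer; if the implementation rejects a NULL SigSize, document it next to the "Signature is NULL" case. Two smaller points on the same block: "If DigestLen is NOT 32, 48 or 64" would be easier to audit if it named the digests those byte lengths correspond to (SHA-256, SHA-384, SHA-512), and the diffstat for this directory accounts for all 9 insertions as comment lines in CryptLib.c, so it is worth confirming that the SaltLen == DigestLen check itself is enforced in the implementing library and not only described here.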