1 files changed, 9 insertions, 1 deletions

diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index af99ed7f5b..fcb5913780 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -1556,7 +1556,7 @@ RsaPkcs1Verify (
   Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.

   Implementation determines salt length automatically from the signature encoding.

   Mask generation function is the same as the message digest algorithm.

-  Salt length should atleast be equal to digest length.

+  Salt length should be equal to digest length.

 

   @param[in]  RsaContext      Pointer to RSA context for signature verification.

   @param[in]  Message         Pointer to octet message to be verified.

@@ -1592,6 +1592,14 @@ RsaPssVerify (
   If the Signature buffer is too small to hold the contents of signature, FALSE

   is returned and SigSize is set to the required buffer size to obtain the signature.

 

+  If RsaContext is NULL, then return FALSE.

+  If Message is NULL, then return FALSE.

+  If MsgSize is zero or > INT_MAX, then return FALSE.

+  If DigestLen is NOT 32, 48 or 64, return FALSE.

+  If SaltLen is not equal to DigestLen, then return FALSE.

+  If SigSize is large enough but Signature is NULL, then return FALSE.

+  If this interface is not supported, then return FALSE.

+

   @param[in]      RsaContext   Pointer to RSA context for signature generation.

   @param[in]      Message      Pointer to octet message to be signed.

   @param[in]      MsgSize      Size of the message in bytes.