From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web12.3101.1623717332426899700 for ; Mon, 14 Jun 2021 17:35:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=WYtawnCA; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jiewen.yao@intel.com) IronPort-SDR: tGyasEYZnsLt388Gcz/yHqsLSR/d0IsU6Qq+BvMLhnxrpcxBYkXZIwqX2f6V7qlSgzsuTahP8C RhSabuxUKpzw== X-IronPort-AV: E=McAfee;i="6200,9189,10015"; a="193210540" X-IronPort-AV: E=Sophos;i="5.83,273,1616482800"; d="scan'208";a="193210540" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jun 2021 17:35:30 -0700 IronPort-SDR: 9oxjrf/y0Ypp6yoBLycLygmAKSdTm7Te1mW6i4UIgEWpt2JhDUIEL4/cNiC8KD030PyAv8K2eB 4cDwzTlaEusQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,273,1616482800"; d="scan'208";a="554277925" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by fmsmga001.fm.intel.com with ESMTP; 14 Jun 2021 17:35:30 -0700 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Mon, 14 Jun 2021 17:35:30 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4 via Frontend Transport; Mon, 14 Jun 2021 17:35:30 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.175) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.4; Mon, 14 Jun 2021 17:35:29 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jYFZoPQeWY3PLlKL3jvAKOy07pionZpzOIQwkReR9oG3zsOLED4ZV8FVgKrPrN+qjpZe75W69hWGCnjjHOugm0kT8O1SYC/rvnInzQ8KjPZashidIM6icmk2bhISe+a9qWICCoRXnTve+gO/4qeRJroebEJcp7r6PMSDjKQOmJWJSV+Imt5zyLQ0t82mS+2E9Vq1/WD3thx7R+0+gB82lYCAQ4lP/FHDPNv5mtizzFNo/TudxGAU5qRdpHI1QUF55ex3MmsSPpKh8jb6qqiwnkdkOPcoZ5R/33s15gQJ4JxDbcBp3G3Z4zTt7freFwpVYAEW9KIxIw1PANTYogyyeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QOFie/iMi18DAFkh3+lR0M0uEy/v9c63OVRi/HIYIS8=; b=g7FoQB9/19kg6Vq/gXMM53BBX3R3oY7Wki9DzQ6BpemP3nidahfHg6UiDGqRqXirt5aTCqJkiIt4nFz7JvHsPuVk/V8+922UHIt83UnnyBrQrykzn3g66t28GwPjDyWUydh0now3qMUeNIuhco1F3UI9Wdov9AqIvSxslWQL4f29l8uM3agZX/HWzULlfng2FloMGxCx/9aLqsS+LYgPRdh7b9+gK3Wg5XDiEIQHiQzq/liVSmgQcGlv4cTEKimIDTgimXW4H9uzwrdPti8P7ZSc+hp1WGo7YZaDmjLg8+H8Vlj8yRdOePS/lxMQUCDW96uZsVSfHLL4qv+LOViRMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QOFie/iMi18DAFkh3+lR0M0uEy/v9c63OVRi/HIYIS8=; b=WYtawnCAQHBbQXxrCdmonKy4WrrpGF7wIBvHDmEWnJy//wHgteVdMRgkVprJI6fm340zG7gDF2Ac5Ax+AS/ptVBF5ZPkOReXbs4pH1u2T3cJstnkYWBa1/OakRD3N8KPP8xtRYaRjgBHKUKVwjT/KKsen0RuF8YZSYLtW8NxjEI= Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14) by PH0PR11MB4856.namprd11.prod.outlook.com (2603:10b6:510:32::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4219.23; Tue, 15 Jun 2021 00:35:27 +0000 Received: from PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::ec2d:6525:e689:50e6]) by PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::ec2d:6525:e689:50e6%6]) with mapi id 15.20.4219.025; Tue, 15 Jun 2021 00:35:27 +0000 From: "Yao, Jiewen" To: "Agrawal, Sachin" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Lu, XiaoyuX" , "Jiang, Guomin" Subject: Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme. Thread-Topic: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme. Thread-Index: AQHXYTJIcMx5VQ22DkO3lKkGa/LwsasUOjPw Date: Tue, 15 Jun 2021 00:35:27 +0000 Message-ID: References: <20210614153043.2500-1-sachin.agrawal@intel.com> <20210614153043.2500-2-sachin.agrawal@intel.com> In-Reply-To: <20210614153043.2500-2-sachin.agrawal@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [101.87.139.49] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 51f8524f-e557-4ef7-294e-08d92f9578f8 x-ms-traffictypediagnostic: PH0PR11MB4856: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3631; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: /VW+wFkNYuYJhRN2n//5BeHEZIXWuUhOaxx0FSK8FD8RjcWZAV5i+fiNTwqUU4CNHlKqXVk2PGSsQzZ1pOfI2/YxK8bZvzxL9Om6U0aRSEgngZ6dMBNSGvZRB+CHPtEdIwQcwYAcMsemrtIVDHiPwapYZlp1GmONuYYUohkB53U6xbXhqobFlYdFzU5grA1sAfn/6aNVdjkGSfVI3WwA4lzHZ4OEdQxYW2XopIH16s3ZxNL7fVMi/+d8bn0Iwkd6X8BJdDOm8tEvOFAu8oQHKeHlI8pirNOxNDSEQIcV4So2tMkC9iIoNelgdp0brTlkZHSytxlGPmkkqsTjPfhwlhN1t+mQyAeycUXX8pskkdw1MXsbLQ31MbzV6ac+wmfrRpO2rsORT+MwUjoRokpFPJ1OMo+K9dVq8YdbqfP3dqswX3K25l82e18XmojFzLI2UYZrP7PLd3wXxsRg1EGsaFLa1fY0cuqUS+rUAunvvQzWJRtlPaC33xFEkIEJ+/5qIQQ/lRFQVaau/6IeCncZ6MG3LTce0N7r18FwcOYXpK/56dJiAD+PrjOKGNQWjEJ5d+w5zOWWplsuPd8fcgjB1dctgHe1XV0Se7iAdiY/ulZt0B9lzBw16J2iLXUYLZ60ERZEnnEq972qX/x6/Il4657fSImF+tUVBFyVjwBNA/6Q4Lv586vrit5EbKYiC2TvBEhUmhLbdx+5B+02tcexOS+PPR48jIEFY2f3VfGgNhQ= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(39860400002)(346002)(376002)(366004)(396003)(136003)(186003)(107886003)(110136005)(478600001)(66446008)(55016002)(15650500001)(9686003)(66476007)(316002)(5660300002)(76116006)(66946007)(83380400001)(6506007)(64756008)(66556008)(4326008)(53546011)(33656002)(8676002)(966005)(86362001)(8936002)(38100700002)(71200400001)(52536014)(54906003)(26005)(30864003)(122000001)(7696005)(2906002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?HkK8f8a6T+PyPgy0Oa3U4ziRzhxQNpaDI4gOtaYJfKu9qAcGeeHiQlI9E/e3?= =?us-ascii?Q?FuPg5og6A1QthFNLOnajxjg+mmHy/pGU7AHQZ25nAjGbgwiQ/RYc14gOofvZ?= =?us-ascii?Q?WNs6dqT3c9iojTIMqoJPBWpzekjjcd3i1obXDVou9tnILGb8Jrn/qSFGc5xE?= =?us-ascii?Q?o6P2VyMfc4+a634oHibd72uwRJYGo+8eLefcCj1kHOASd0x+4VytVdcdqEQI?= =?us-ascii?Q?+ql3xmWNSElZmAm8lzvX3Cd93ueO7Jek+n5gvoRdmnn79pJDyFXqFeAV/fSY?= =?us-ascii?Q?B9S6uqglVuFFR8DkGWt3EARcKeSvRaiCQNEpEnAPFSsmI3Zkm1MQg0zdoBPH?= =?us-ascii?Q?b3MbE5ZBG9MoIAAU84tNycCXjuWyVFQREgAFl2YbRnJYrZ3GMBa/RBgtLA/d?= =?us-ascii?Q?zlP4PXgsQaD4GqJN0pYLpcLF0RTiW1LtW7uYHuZBxit4mU1ByzGZM3HmdSVx?= =?us-ascii?Q?TQfchUF7G0EODU/bX5UgZn8lTfpLP3ti0LnhfAI2fwsLgPdZ5nayA8SqaG7d?= =?us-ascii?Q?OblfUh56HIG2JCHM64LJdcbKgWoATh+YafgRxwxFe7hDYIRoqoe9Ii9Kt30T?= =?us-ascii?Q?RewMbBWGZAX3oqSDwVDhuw0BWblzyDH5VKNH20+F3RTTY9S3yLk/nq2ThLje?= =?us-ascii?Q?h/AdHOr+TN+avqiTBt1lMGDP73+ZBIjCrH3pYakScs9MDmmiQY1FzBHFVUNk?= =?us-ascii?Q?eRRAMuJswMUDFdChWoK7uBVJUb2orb3NzJugMtoGvFD6b+N4/2DO/U85CobJ?= =?us-ascii?Q?VUXTt++LJRl+jet/MUhTefjSzcPGJz9TlZgUQ2c7NNN50iuTrfB7hJFzqgKu?= =?us-ascii?Q?3Una0uTeocXS9PhmLBt0XwMMLTAQOhzR9VmM4M95kfQLZv272pC2NekRC9i3?= =?us-ascii?Q?rsQaiRDZg6OG52eVOs/9UFuKgjziB6Tj/iDFhTAcDE8FyhylwuWZANU4sv25?= =?us-ascii?Q?cksgcb9kBB2SHwrSfaTaI9C0ijd66qxZ/gGRwwGb7jTUUfBQbaf+c4BYWVtV?= =?us-ascii?Q?Qj1iVUrN4FRKDm7X9RA3OR0Kyob/Okaysx6cOa1VPXffGhyR4MVPfrz8SVAE?= =?us-ascii?Q?JPpnn1wgFu5stSE94uPvZogYBK69Z2p9JXrIButQIoPAPBfbqkmFwlmsHqRV?= =?us-ascii?Q?VfkH3R6OXa6RG0jqOrIif6vC0YJqbf/4/n0ZGDTqdrmXKgwrwUPzdB+akbVi?= =?us-ascii?Q?8Ehjne8AkrdLILzwqcJ8/BeyMtDx81hbirY8eY3HQ471elcBOluGW3ZO61Uh?= =?us-ascii?Q?1QKNC5TxD/vePAyGIsteu0SckqPbkWJRoecRP/TRo11A7Jd5iPgtvw6fdV4q?= =?us-ascii?Q?v3JJsE6MiPUN840O7dzVwjp+?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 51f8524f-e557-4ef7-294e-08d92f9578f8 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jun 2021 00:35:27.4413 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: LHJBfrmdrr+34bJonKsP9AfKsj/k6nPuXmNNyn0/0JIy1Mqj6yT3RiblzdVOJZkbYUjDvtqnKB1hrczBLFo/Lg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4856 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen Yao > -----Original Message----- > From: Agrawal, Sachin > Sent: Monday, June 14, 2021 11:31 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Lu, XiaoyuX ; Jiang, Guomin > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Update Salt length > requirement for RSA-PSS scheme. >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3455 >=20 > Enforce salt length to be equal to digest length for RSA-PSS > encoding scheme. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang >=20 > Signed-off-by: Sachin Agrawal > --- > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c | 4 ++-- > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c | 2 +- > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c | 4 ++-- > CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c | 2 +- > CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c | 2 +- > CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c | 2 +- > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 10 +++++++= ++- > CryptoPkg/Include/Library/BaseCryptLib.h | 4 ++-- > CryptoPkg/Private/Protocol/Crypto.h | 4 ++-- > 9 files changed, 21 insertions(+), 13 deletions(-) >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > index 0b2960f06c4c..37075ea65a0d 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c > @@ -50,7 +50,7 @@ GetEvpMD ( > Verifies the RSA signature with RSASSA-PSS signature scheme defined in= RFC > 8017. > Implementation determines salt length automatically from the signature > encoding. > Mask generation function is the same as the message digest algorithm. > - Salt length should atleast be equal to digest length. > + Salt length should be equal to digest length. >=20 > @param[in] RsaContext Pointer to RSA context for signature verif= ication. > @param[in] Message Pointer to octet message to be verified. > @@ -97,7 +97,7 @@ RsaPssVerify ( > if (Signature =3D=3D NULL || SigSize =3D=3D 0 || SigSize > INT_MAX) { > return FALSE; > } > - if (SaltLen < DigestLen) { > + if (SaltLen !=3D DigestLen) { > return FALSE; > } >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > index 69c6889fbc4b..cc325c92911c 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssNull.c > @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > Verifies the RSA signature with RSASSA-PSS signature scheme defined in= RFC > 8017. > Implementation determines salt length automatically from the signature > encoding. > Mask generation function is the same as the message digest algorithm. > - Salt length should atleast be equal to digest length. > + Salt length should be equal to digest length. >=20 > @param[in] RsaContext Pointer to RSA context for signature verif= ication. > @param[in] Message Pointer to octet message to be verified. > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c > index ece765f9ae0a..06187ff4baa7 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSign.c > @@ -59,7 +59,7 @@ GetEvpMD ( > If Message is NULL, then return FALSE. > If MsgSize is zero or > INT_MAX, then return FALSE. > If DigestLen is NOT 32, 48 or 64, return FALSE. > - If SaltLen is < DigestLen, then return FALSE. > + If SaltLen is not equal to DigestLen, then return FALSE. > If SigSize is large enough but Signature is NULL, then return FALSE. > If this interface is not supported, then return FALSE. >=20 > @@ -120,7 +120,7 @@ RsaPssSign ( > return FALSE; > } >=20 > - if (SaltLen < DigestLen) { > + if (SaltLen !=3D DigestLen) { > return FALSE; > } >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c > index 4ed2dfce992a..911b97252182 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPssSignNull.c > @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > If Message is NULL, then return FALSE. > If MsgSize is zero or > INT_MAX, then return FALSE. > If DigestLen is NOT 32, 48 or 64, return FALSE. > - If SaltLen is < DigestLen, then return FALSE. > + If SaltLen is not equal to DigestLen, then return FALSE. > If SigSize is large enough but Signature is NULL, then return FALSE. > If this interface is not supported, then return FALSE. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c > index 69c6889fbc4b..cc325c92911c 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssNull.c > @@ -15,7 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > Verifies the RSA signature with RSASSA-PSS signature scheme defined in= RFC > 8017. > Implementation determines salt length automatically from the signature > encoding. > Mask generation function is the same as the message digest algorithm. > - Salt length should atleast be equal to digest length. > + Salt length should be equal to digest length. >=20 > @param[in] RsaContext Pointer to RSA context for signature verif= ication. > @param[in] Message Pointer to octet message to be verified. > diff --git a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c > b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c > index 4ed2dfce992a..911b97252182 100644 > --- a/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c > +++ b/CryptoPkg/Library/BaseCryptLibNull/Pk/CryptRsaPssSignNull.c > @@ -24,7 +24,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > If Message is NULL, then return FALSE. > If MsgSize is zero or > INT_MAX, then return FALSE. > If DigestLen is NOT 32, 48 or 64, return FALSE. > - If SaltLen is < DigestLen, then return FALSE. > + If SaltLen is not equal to DigestLen, then return FALSE. > If SigSize is large enough but Signature is NULL, then return FALSE. > If this interface is not supported, then return FALSE. >=20 > diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > index af99ed7f5b42..fcb59137805b 100644 > --- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > +++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c > @@ -1556,7 +1556,7 @@ RsaPkcs1Verify ( > Verifies the RSA signature with RSASSA-PSS signature scheme defined in= RFC > 8017. > Implementation determines salt length automatically from the signature > encoding. > Mask generation function is the same as the message digest algorithm. > - Salt length should atleast be equal to digest length. > + Salt length should be equal to digest length. >=20 > @param[in] RsaContext Pointer to RSA context for signature verif= ication. > @param[in] Message Pointer to octet message to be verified. > @@ -1592,6 +1592,14 @@ RsaPssVerify ( > If the Signature buffer is too small to hold the contents of signature= , FALSE > is returned and SigSize is set to the required buffer size to obtain t= he signature. >=20 > + If RsaContext is NULL, then return FALSE. > + If Message is NULL, then return FALSE. > + If MsgSize is zero or > INT_MAX, then return FALSE. > + If DigestLen is NOT 32, 48 or 64, return FALSE. > + If SaltLen is not equal to DigestLen, then return FALSE. > + If SigSize is large enough but Signature is NULL, then return FALSE. > + If this interface is not supported, then return FALSE. > + > @param[in] RsaContext Pointer to RSA context for signature gene= ration. > @param[in] Message Pointer to octet message to be signed. > @param[in] MsgSize Size of the message in bytes. > diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h > b/CryptoPkg/Include/Library/BaseCryptLib.h > index 8c7d5922ef96..630ccb5e7500 100644 > --- a/CryptoPkg/Include/Library/BaseCryptLib.h > +++ b/CryptoPkg/Include/Library/BaseCryptLib.h > @@ -1376,7 +1376,7 @@ RsaPkcs1Verify ( > If Message is NULL, then return FALSE. > If MsgSize is zero or > INT_MAX, then return FALSE. > If DigestLen is NOT 32, 48 or 64, return FALSE. > - If SaltLen is < DigestLen, then return FALSE. > + If SaltLen is not equal to DigestLen, then return FALSE. > If SigSize is large enough but Signature is NULL, then return FALSE. > If this interface is not supported, then return FALSE. >=20 > @@ -1411,7 +1411,7 @@ RsaPssSign ( > Verifies the RSA signature with RSASSA-PSS signature scheme defined in= RFC > 8017. > Implementation determines salt length automatically from the signature > encoding. > Mask generation function is the same as the message digest algorithm. > - Salt length should atleast be equal to digest length. > + Salt length should be equal to digest length. >=20 > @param[in] RsaContext Pointer to RSA context for signature verif= ication. > @param[in] Message Pointer to octet message to be verified. > diff --git a/CryptoPkg/Private/Protocol/Crypto.h > b/CryptoPkg/Private/Protocol/Crypto.h > index e304302c9445..498f8e387dba 100644 > --- a/CryptoPkg/Private/Protocol/Crypto.h > +++ b/CryptoPkg/Private/Protocol/Crypto.h > @@ -3421,7 +3421,7 @@ EFI_STATUS > If Message is NULL, then return FALSE. > If MsgSize is zero or > INT_MAX, then return FALSE. > If DigestLen is NOT 32, 48 or 64, return FALSE. > - If SaltLen is < DigestLen, then return FALSE. > + If SaltLen is not equal to DigestLen, then return FALSE. > If SigSize is large enough but Signature is NULL, then return FALSE. > If this interface is not supported, then return FALSE. >=20 > @@ -3456,7 +3456,7 @@ BOOLEAN > Verifies the RSA signature with RSASSA-PSS signature scheme defined in= RFC > 8017. > Implementation determines salt length automatically from the signature > encoding. > Mask generation function is the same as the message digest algorithm. > - Salt length should atleast be equal to digest length. > + Salt length should be equal to digest length. >=20 > @param[in] RsaContext Pointer to RSA context for signature verif= ication. > @param[in] Message Pointer to octet message to be verified. > -- > 2.14.3.windows.1