diff --git a/Include/Library/OcCryptoLib.h b/Include/Library/OcCryptoLib.h index 35959dca..9923c270 100644 --- a/Include/Library/OcCryptoLib.h +++ b/Include/Library/OcCryptoLib.h @@ -108,8 +108,7 @@ BOOLEAN RsaVerify ( RSA_PUBLIC_KEY *Key, UINT8 *Signature, - UINT8 *Sha256, - UINT32 *Workbuf32 + UINT8 *Sha256 ); VOID diff --git a/Library/OcAppleChunklistLib/OcAppleChunklistLib.c b/Library/OcAppleChunklistLib/OcAppleChunklistLib.c index 44c96f5d..c1456737 100644 --- a/Library/OcAppleChunklistLib/OcAppleChunklistLib.c +++ b/Library/OcAppleChunklistLib/OcAppleChunklistLib.c @@ -98,16 +98,13 @@ OcAppleChunklistVerifySignature ( { BOOLEAN Result; - UINT32 WorkBuf32[RSANUMWORDS * 3]; - ASSERT (Context != NULL); ASSERT (Context->Signature != NULL); Result = RsaVerify ( PublicKey, Context->Signature->Signature, - Context->Hash, - WorkBuf32 + Context->Hash ); DEBUG_CODE ( if (Result) { diff --git a/Library/OcAppleImageVerificationLib/OcAppleImageVerification.c b/Library/OcAppleImageVerificationLib/OcAppleImageVerification.c index 55126d3a..d92d1c6c 100644 --- a/Library/OcAppleImageVerificationLib/OcAppleImageVerification.c +++ b/Library/OcAppleImageVerificationLib/OcAppleImageVerification.c @@ -615,7 +615,6 @@ VerifyApplePeImageSignature ( IN OUT APPLE_PE_COFF_LOADER_IMAGE_CONTEXT *Context OPTIONAL ) { - UINT32 WorkBuf32[RSANUMWORDS * 3]; UINTN Index = 0; APPLE_SIGNATURE_CONTEXT *SignatureContext = NULL; RSA_PUBLIC_KEY *Pk = NULL; @@ -695,7 +694,7 @@ VerifyApplePeImageSignature ( // // Verify signature // - if (RsaVerify (Pk, SignatureContext->Signature, Context->PeImageHash, WorkBuf32) == 1 ) { + if (RsaVerify (Pk, SignatureContext->Signature, Context->PeImageHash) == 1 ) { DEBUG ((DEBUG_INFO, "Signature verified!\n")); FreePool (SignatureContext); FreePool (Context); diff --git a/Library/OcCryptoLib/Rsa2048Sha256.c b/Library/OcCryptoLib/Rsa2048Sha256.c index 570704d2..5a32f4db 100644 --- a/Library/OcCryptoLib/Rsa2048Sha256.c +++ b/Library/OcCryptoLib/Rsa2048Sha256.c @@ -183,15 +183,12 @@ MontMul ( @param Key Key to use in signing @param InOut Input and output big-endian byte array - @param Workbuf32 Work buffer; caller must verify this is - 3 x RSANUMWORDS elements long. **/ STATIC VOID ModPow ( RSA_PUBLIC_KEY *Key, - UINT8 *InOut, - UINT32 *Workbuf32 + UINT8 *InOut ) { UINT32 *A = NULL; @@ -201,6 +198,8 @@ ModPow ( INT32 Index = 0; UINT32 Tmp = 0; + UINT32 Workbuf32[RSANUMWORDS * 3]; + A = Workbuf32; Ar = A + RSANUMWORDS; Aar = Ar + RSANUMWORDS; @@ -290,16 +289,14 @@ CheckPadding ( @param Key RSA public key @param Signature RSA signature @param Sha256 SHA-256 digest of the content to verify - @param Workbuf32 Work buffer; caller must verify this is - 3 x RSANUMWORDS elements long. + @return FALSE on failure, TRUE on success. **/ BOOLEAN RsaVerify ( RSA_PUBLIC_KEY *Key, UINT8 *Signature, - UINT8 *Sha256, - UINT32 *Workbuf32 + UINT8 *Sha256 ) { UINT8 Buf[RSANUMBYTES]; @@ -312,7 +309,7 @@ RsaVerify ( // // In-place exponentiation // - ModPow (Key, Buf, Workbuf32); + ModPow (Key, Buf); // // Check the PKCS#1 padding diff --git a/Tools/AppleEfiSignTool/AppleEfiBinary.c b/Tools/AppleEfiSignTool/AppleEfiBinary.c index 8ba41e12..9c71363a 100644 --- a/Tools/AppleEfiSignTool/AppleEfiBinary.c +++ b/Tools/AppleEfiSignTool/AppleEfiBinary.c @@ -428,7 +428,6 @@ VerifyApplePeImageSignature ( uint8_t SigBe[256]; uint8_t CalcucatedHash[32]; uint8_t PkHash[32]; - uint32_t WorkBuf32[RSANUMWORDS*3]; RSA_PUBLIC_KEY *Pk = NULL; APPLE_PE_COFF_LOADER_IMAGE_CONTEXT *Context = NULL; @@ -492,7 +491,7 @@ VerifyApplePeImageSignature ( // // Verify signature // - if (RsaVerify (Pk, SigBe, CalcucatedHash, WorkBuf32) == 1 ) { + if (RsaVerify (Pk, SigBe, CalcucatedHash) == 1 ) { puts ("Signature verified!\n"); return 0; }