Changes

37 bytes added, 21:34, 19 December 2022
no edit summary
Line 48: Line 48:  
|-
 
|-
 
| [[Stage2]] header RSA signature padding not checked properly
 
| [[Stage2]] header RSA signature padding not checked properly
| [[Stage1]] uses the SWI RSA_Decrypt_Unpad routine to verify the RSA signature of the [[stage2]] header. However, it does not check the return value of this function. This will make stage1 use zero-initialized memory as the plaintext RSA message. However, due to the specific structure of this RSA message, this will quickly be caught by stage1.
+
| [[Stage1]] uses the SWI RSA_Decrypt_Unpad routine to verify the RSA signature of the [[stage2]] header. However, it does not check the return value of this function. This will make stage1 use zero-initialized memory as the plaintext RSA message for signatures with improper padding. However, due to the specific structure of this RSA message, this will quickly be caught by stage1.
 
|  
 
|  
 
|  
 
|  
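Review bot: In the changed description cell (the + line), the new qualifier "for signatures with improper padding" is appended to the consequence sentence, while the cause, the unchecked return value of RSA_Decrypt_Unpad, sits in the sentence before it. The link between the two is left for the reader to infer. Suggest stating the condition first, for example "When the signature has improper padding, stage1 ignores the routine's return value and uses zero-initialized memory as the plaintext RSA message." The cell also has two consecutive sentences opening with "However," and still does not say which part of "the specific structure of this RSA message" stage1 checks, so the claim that the issue "will quickly be caught" cannot be verified from the row. Naming that check would help. The revision also carries no edit summary. A short one describing the added condition would make the page history easier to follow.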