From: Jiewen Yao
To: edk2-devel@lists.01.org
Cc: Chao Zhang, Qin Long
Date: Thu, 22 Dec 2016 13:00:28 +0800
Message-Id: <1482382829-12168-2-git-send-email-jiewen.yao@intel.com>
In-Reply-To: <1482382829-12168-1-git-send-email-jiewen.yao@intel.com>
References: <1482382829-12168-1-git-send-email-jiewen.yao@intel.com>
Subject: [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check

Add PublicKeyDataLength check to be a multiple of SHA256_DIGEST_SIZE to avoid caller mistakes or platform mis-configuration.

Cc: Chao Zhang
Cc: Qin Long
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao
---
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
index d113d58..4b2556c 100644
--- a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c +++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c @@ -306,6 +306,11 @@ AuthenticateFmpImage ( return RETURN_UNSUPPORTED; } + if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) { + DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n")); + return RETURN_UNSUPPORTED; + } + if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); return RETURN_INVALID_PARAMETER; -- 2.7.4.windows.1
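
Review bot: In the new check in AuthenticateFmpImage, a PublicKeyDataLength of 0 makes `(PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0` false, so an empty key list passes this test. Unless the check above this hunk (not visible here) already rejects that case, add `PublicKeyDataLength == 0` to the condition so a platform configured with no key hashes is refused at this point. The DEBUG string would also be easier to trace if it carried the "AuthenticateFmpImage - " prefix used by the ImageSize message just below it and printed the offending length value.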