From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id C82F38235C
 for <edk2-devel@lists.01.org>; Wed, 21 Dec 2016 21:00:39 -0800 (PST)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by orsmga104.jf.intel.com with ESMTP; 21 Dec 2016 21:00:39 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,386,1477983600"; d="scan'208";a="1085343521"
Received: from jyao1-mobl.ccr.corp.intel.com ([10.239.193.137])
 by fmsmga001.fm.intel.com with ESMTP; 21 Dec 2016 21:00:38 -0800
From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Chao Zhang <chao.b.zhang@intel.com>,
	Qin Long <qin.long@intel.com>
Date: Thu, 22 Dec 2016 13:00:28 +0800
Message-Id: <1482382829-12168-2-git-send-email-jiewen.yao@intel.com>
X-Mailer: git-send-email 2.7.4.windows.1
In-Reply-To: <1482382829-12168-1-git-send-email-jiewen.yao@intel.com>
References: <1482382829-12168-1-git-send-email-jiewen.yao@intel.com>
Subject: [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Dec 2016 05:00:39 -0000

Add PublicKeyDataLength check to be multiple SHA256_DIGEST_SIZE
to avoid caller make mistake, or platform mis-configuration.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
index d113d58..4b2556c 100644
--- a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
+++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
@@ -306,6 +306,11 @@ AuthenticateFmpImage (
     return RETURN_UNSUPPORTED;
   }
 
+  if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) {
+    DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n"));
+    return RETURN_UNSUPPORTED;
+  }
+
   if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
     DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
     return RETURN_INVALID_PARAMETER;
-- 
2.7.4.windows.1