From: "Long, Qin"
To: "Yao, Jiewen" , "edk2-devel@lists.01.org"
CC: "Zhang, Chao B"
Thread-Topic: [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check
Thread-Index: AQHSXBBiETgoV6kVQUyhgvnZwYf+JKETbGbA
Date: Thu, 22 Dec 2016 05:14:48 +0000
Message-ID:
References: <1482382829-12168-1-git-send-email-jiewen.yao@intel.com> <1482382829-12168-2-git-send-email-jiewen.yao@intel.com>
In-Reply-To: <1482382829-12168-2-git-send-email-jiewen.yao@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 22 Dec 2016 05:14:53 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Qin Long

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Thursday, December 22, 2016 1:00 PM
> To: edk2-devel@lists.01.org
> Cc: Zhang, Chao B; Long, Qin
> Subject: [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength
> check
>
> Add PublicKeyDataLength check to be multiple SHA256_DIGEST_SIZE to avoid
> caller make mistake, or platform mis-configuration.
>
> Cc: Chao Zhang
> Cc: Qin Long
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao
> ---
>
> SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticatio
> nLibRsa2048Sha256.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git > a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticat > ionLibRsa2048Sha256.c > b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticat > ionLibRsa2048Sha256.c > index d113d58..4b2556c 100644 > --- > a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticat > ionLibRsa2048Sha256.c > +++ > b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthentic > +++ ationLibRsa2048Sha256.c > @@ -306,6 +306,11 @@ AuthenticateFmpImage ( > return RETURN_UNSUPPORTED; > } >=20 > + if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) !=3D 0) { > + DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 > size\n")); > + return RETURN_UNSUPPORTED; > + } > + > if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { > DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too > small\n")); > return RETURN_INVALID_PARAMETER; > -- > 2.7.4.windows.1
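
Review bot: The new modulus test in AuthenticateFmpImage lets PublicKeyDataLength == 0 through, because 0 % SHA256_DIGEST_SIZE is 0. The condition of the check that ends just above this hunk is not visible here; unless it already rejects an empty key list, add an explicit zero-length test next to the modulus test so that a platform with no configured key hashes fails at this point with a clear message. The DEBUG string would also be easier to trace if it carried the "AuthenticateFmpImage - " prefix used by the ImageSize message right below and printed the offending length. A short comment stating that the buffer is expected to be a list of SHA256 digests of the public keys would document why the multiple is required.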