* [PATCH 0/2] Add check for PublicKeyDataLength @ 2016-12-22 5:00 Jiewen Yao 2016-12-22 5:00 ` [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check Jiewen Yao 2016-12-22 5:00 ` [PATCH 2/2] SignedCapsulePkg/SystemCapsuleLib: Add ASSERT check for PCD Jiewen Yao 0 siblings, 2 replies; 5+ messages in thread From: Jiewen Yao @ 2016-12-22 5:00 UTC (permalink / raw) To: edk2-devel Add more check for PublicKeyDataLength to avoid user mistake or platform mis-configuration. Jiewen Yao (2): SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check SignedCapsulePkg/SystemCapsuleLib: Add ASSERT check for PCD SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c | 5 +++++ SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 2 ++ 2 files changed, 7 insertions(+) -- 2.7.4.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check 2016-12-22 5:00 [PATCH 0/2] Add check for PublicKeyDataLength Jiewen Yao @ 2016-12-22 5:00 ` Jiewen Yao 2016-12-22 5:14 ` Long, Qin 2016-12-22 5:00 ` [PATCH 2/2] SignedCapsulePkg/SystemCapsuleLib: Add ASSERT check for PCD Jiewen Yao 1 sibling, 1 reply; 5+ messages in thread From: Jiewen Yao @ 2016-12-22 5:00 UTC (permalink / raw) To: edk2-devel; +Cc: Chao Zhang, Qin Long Add PublicKeyDataLength check to be multiple SHA256_DIGEST_SIZE to avoid caller make mistake, or platform mis-configuration. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> --- SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c index d113d58..4b2556c 100644 --- a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c +++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c @@ -306,6 +306,11 @@ AuthenticateFmpImage ( return RETURN_UNSUPPORTED; } + if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) { + DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n")); + return RETURN_UNSUPPORTED; + } + if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); return RETURN_INVALID_PARAMETER; -- 2.7.4.windows.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check 2016-12-22 5:00 ` [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check Jiewen Yao @ 2016-12-22 5:14 ` Long, Qin 0 siblings, 0 replies; 5+ messages in thread From: Long, Qin @ 2016-12-22 5:14 UTC (permalink / raw) To: Yao, Jiewen, edk2-devel@lists.01.org; +Cc: Zhang, Chao B Reviewed-by: Qin Long <qin.long@intel.com> > -----Original Message----- > From: Yao, Jiewen > Sent: Thursday, December 22, 2016 1:00 PM > To: edk2-devel@lists.01.org > Cc: Zhang, Chao B; Long, Qin > Subject: [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength > check > > Add PublicKeyDataLength check to be multiple SHA256_DIGEST_SIZE to avoid > caller make mistake, or platform mis-configuration. > > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Qin Long <qin.long@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> > --- > > SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticatio > nLibRsa2048Sha256.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git > a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticat > ionLibRsa2048Sha256.c > b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticat > ionLibRsa2048Sha256.c > index d113d58..4b2556c 100644 > --- > a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticat > ionLibRsa2048Sha256.c > +++ > b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthentic > +++ ationLibRsa2048Sha256.c > @@ -306,6 +306,11 @@ AuthenticateFmpImage ( > return RETURN_UNSUPPORTED; > } > > + if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) { > + DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 > size\n")); > + return RETURN_UNSUPPORTED; > + } > + > if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { > DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too > small\n")); > return RETURN_INVALID_PARAMETER; > -- > 2.7.4.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 2/2] SignedCapsulePkg/SystemCapsuleLib: Add ASSERT check for PCD 2016-12-22 5:00 [PATCH 0/2] Add check for PublicKeyDataLength Jiewen Yao 2016-12-22 5:00 ` [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check Jiewen Yao @ 2016-12-22 5:00 ` Jiewen Yao 2016-12-22 5:15 ` Long, Qin 1 sibling, 1 reply; 5+ messages in thread From: Jiewen Yao @ 2016-12-22 5:00 UTC (permalink / raw) To: edk2-devel; +Cc: Chao Zhang, Qin Long Add ASSERT check for PCD to avoid platform mis-configuration. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> --- SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c index 27c6f4c..1820551 100644 --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c @@ -415,6 +415,8 @@ ExtractAuthenticatedImage ( } else { return FALSE; } + ASSERT (PublicKeyData != NULL); + ASSERT (PublicKeyDataLength != 0); Status = AuthenticateFmpImage( ImageAuth, -- 2.7.4.windows.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] SignedCapsulePkg/SystemCapsuleLib: Add ASSERT check for PCD 2016-12-22 5:00 ` [PATCH 2/2] SignedCapsulePkg/SystemCapsuleLib: Add ASSERT check for PCD Jiewen Yao @ 2016-12-22 5:15 ` Long, Qin 0 siblings, 0 replies; 5+ messages in thread From: Long, Qin @ 2016-12-22 5:15 UTC (permalink / raw) To: Yao, Jiewen, edk2-devel@lists.01.org; +Cc: Zhang, Chao B Reviewed-by: Qin Long <qin.long@intel.com> > -----Original Message----- > From: Yao, Jiewen > Sent: Thursday, December 22, 2016 1:00 PM > To: edk2-devel@lists.01.org > Cc: Zhang, Chao B; Long, Qin > Subject: [PATCH 2/2] SignedCapsulePkg/SystemCapsuleLib: Add ASSERT > check for PCD > > Add ASSERT check for PCD to avoid platform mis-configuration. > > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Qin Long <qin.long@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> > --- > SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | > 2 ++ > 1 file changed, 2 insertions(+) > > diff --git > a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c > b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c > index 27c6f4c..1820551 100644 > --- > a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c > +++ > b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c > @@ -415,6 +415,8 @@ ExtractAuthenticatedImage ( > } else { > return FALSE; > } > + ASSERT (PublicKeyData != NULL); > + ASSERT (PublicKeyDataLength != 0); > > Status = AuthenticateFmpImage( > ImageAuth, > -- > 2.7.4.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-12-22 5:15 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-12-22 5:00 [PATCH 0/2] Add check for PublicKeyDataLength Jiewen Yao 2016-12-22 5:00 ` [PATCH 1/2] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check Jiewen Yao 2016-12-22 5:14 ` Long, Qin 2016-12-22 5:00 ` [PATCH 2/2] SignedCapsulePkg/SystemCapsuleLib: Add ASSERT check for PCD Jiewen Yao 2016-12-22 5:15 ` Long, Qin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox