From 492c05f599f550bc9926ffd18c045916cd0ce604 Mon Sep 17 00:00:00 2001 From: Jiewen Yao Date: Thu, 22 Dec 2016 12:36:39 +0800 Subject: [PATCH] SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check Add PublicKeyDataLength check to be multiple SHA256_DIGEST_SIZE to avoid caller make mistake, or platform mis-configuration. Cc: Chao Zhang Cc: Qin Long Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Reviewed-by: Qin Long --- .../FmpAuthenticationLibRsa2048Sha256.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c index d113d58103..4b2556cc90 100644 --- a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c +++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c @@ -306,6 +306,11 @@ AuthenticateFmpImage ( return RETURN_UNSUPPORTED; } + if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) { + DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n")); + return RETURN_UNSUPPORTED; + } + if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); return RETURN_INVALID_PARAMETER;