SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check

Add PublicKeyDataLength check to be multiple SHA256_DIGEST_SIZE
to avoid caller make mistake, or platform mis-configuration.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
This commit is contained in:
Jiewen Yao 2016-12-22 12:36:39 +08:00
parent c9b78304b8
commit 492c05f599
1 changed files with 5 additions and 0 deletions

View File

@ -306,6 +306,11 @@ AuthenticateFmpImage (
return RETURN_UNSUPPORTED;
}
if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) {
DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n"));
return RETURN_UNSUPPORTED;
}
if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {
DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;