SecurityPkg/FmpAuthLib: Add PublicKeyDataLength check

Add PublicKeyDataLength check to be multiple SHA256_DIGEST_SIZE
to avoid caller make mistake, or platform mis-configuration.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qin Long <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

diff --git a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
index d113d58103c13c1d9b7c81e032096b712dd54e63..4b2556cc905a47a24284a9def7b58a1ea5b954d3 100644 (file)
--- a/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
+++ b/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
@@ -306,6 +306,11 @@ AuthenticateFmpImage (
     return RETURN_UNSUPPORTED;\r
   }\r
 \r
+  if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) {\r
+    DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n"));\r
+    return RETURN_UNSUPPORTED;\r
+  }\r
+\r
   if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {\r
     DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));\r
     return RETURN_INVALID_PARAMETER;\r