From 1de7bb4f27745336c6d9cd5c2088748fcdaf699d Mon Sep 17 00:00:00 2001 From: Michael van der Westhuizen Date: Fri, 30 May 2014 20:59:00 +0200 Subject: Prevent a buffer overflow in mkimage when signing with SHA256 Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen Acked-by: Simon Glass [trini: Rework a bit so move the exportable parts of hash.h outside of !USE_HOSTCC and only need that as a new include to image.h] Signed-off-by: Tom Rini --- include/hash.h | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'include/hash.h') diff --git a/include/hash.h b/include/hash.h index dc21678045e..2a3632623b7 100644 --- a/include/hash.h +++ b/include/hash.h @@ -6,6 +6,18 @@ #ifndef _HASH_H #define _HASH_H +/* + * Maximum digest size for all algorithms we support. Having this value + * avoids a malloc() or C99 local declaration in common/cmd_hash.c. + */ +#define HASH_MAX_DIGEST_SIZE 32 + +enum { + HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */ + HASH_FLAG_ENV = 1 << 1, /* Allow env vars */ +}; + +#ifndef USE_HOSTCC #if defined(CONFIG_SHA1SUM_VERIFY) || defined(CONFIG_CRC32_VERIFY) #define CONFIG_HASH_VERIFY #endif @@ -65,17 +77,6 @@ struct hash_algo { int size); }; -/* - * Maximum digest size for all algorithms we support. Having this value - * avoids a malloc() or C99 local declaration in common/cmd_hash.c. - */ -#define HASH_MAX_DIGEST_SIZE 32 - -enum { - HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */ - HASH_FLAG_ENV = 1 << 1, /* Allow env vars */ -}; - /** * hash_command: Process a hash command for a particular algorithm * @@ -125,4 +126,5 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, * @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm. */ int hash_lookup_algo(const char *algo_name, struct hash_algo **algop); +#endif /* !USE_HOSTCC */ #endif -- cgit v1.2.3 From 31890ae299bca739c58b311dfced0bb199a5f520 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Mon, 2 Jun 2014 22:04:49 -0600 Subject: hash: Export the function to show a hash This function is useful for displaying a hash value, so export it. Signed-off-by: Simon Glass --- include/hash.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'include/hash.h') diff --git a/include/hash.h b/include/hash.h index 2a3632623b7..5cb4dbfcb2b 100644 --- a/include/hash.h +++ b/include/hash.h @@ -126,5 +126,19 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, * @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm. */ int hash_lookup_algo(const char *algo_name, struct hash_algo **algop); + +/** + * hash_show() - Print out a hash algorithm and value + * + * You will get a message like this (without a newline at the end): + * + * "sha1 for 9eb3337c ... 9eb3338f ==> 7942ef1df479fd3130f716eb9613d107dab7e257" + * + * @algo: Algorithm used for hash + * @addr: Address of data that was hashed + * @len: Length of data that was hashed + * @output: Hash value to display + */ +void hash_show(struct hash_algo *algo, ulong addr, ulong len, u8 *output); #endif /* !USE_HOSTCC */ #endif -- cgit v1.2.3 From 04819a4ff1c93972ac46aedd3f17becbd5e0b588 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Thu, 12 Jun 2014 07:24:41 -0600 Subject: hash: Use uint8_t in preference to u8 This type is more readily available on the host compiler, so use it instead. Signed-off-by: Simon Glass --- include/hash.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/hash.h') diff --git a/include/hash.h b/include/hash.h index 5cb4dbfcb2b..d8ec4f08e16 100644 --- a/include/hash.h +++ b/include/hash.h @@ -139,6 +139,7 @@ int hash_lookup_algo(const char *algo_name, struct hash_algo **algop); * @len: Length of data that was hashed * @output: Hash value to display */ -void hash_show(struct hash_algo *algo, ulong addr, ulong len, u8 *output); +void hash_show(struct hash_algo *algo, ulong addr, ulong len, + uint8_t *output); #endif /* !USE_HOSTCC */ #endif -- cgit v1.2.3