authorMichael van der Westhuizen <michael@smart-africa.com>2014-05-30 20:59:00 +0200
committerTom Rini <trini@ti.com>2014-06-05 17:01:23 -0400
commit1de7bb4f27745336c6d9cd5c2088748fcdaf699d (patch)
treefdb9041975fb651d4e5f4c54fbe164f4e5914a3f
parentd835e91d56c15d24b1880ef16837e4919fb76bcf (diff)
Prevent a buffer overflow in mkimage when signing with SHA256
Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Acked-by: Simon Glass <sjg@chromium.org> [trini: Rework a bit so move the exportable parts of hash.h outside of !USE_HOSTCC and only need that as a new include to image.h] Signed-off-by: Tom Rini <trini@ti.com>
-rw-r--r--include/hash.h24
-rw-r--r--include/image.h3
2 files changed, 15 insertions, 12 deletions
diff --git a/include/hash.h b/include/hash.h
index dc21678..2a36326 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -6,6 +6,18 @@
#ifndef _HASH_H
#define _HASH_H
+/*
+ * Maximum digest size for all algorithms we support. Having this value
+ * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
+ */
+#define HASH_MAX_DIGEST_SIZE 32
+
+enum {
+ HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */
+ HASH_FLAG_ENV = 1 << 1, /* Allow env vars */
+};
+
+#ifndef USE_HOSTCC
#if defined(CONFIG_SHA1SUM_VERIFY) || defined(CONFIG_CRC32_VERIFY)
#define CONFIG_HASH_VERIFY
#endif
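Review bot: `HASH_MAX_DIGEST_SIZE` is still a hand-maintained literal `32`, and with this commit it also sizes the FIT hash buffers used by the host tools through `FIT_MAX_HASH_LEN` (see the include/image.h hunk). A stale value here would bring back the same kind of overflow this commit fixes, but the moved comment still mentions only common/cmd_hash.c. I would extend it with a line such as `* Also sizes FIT_MAX_HASH_LEN; raise this when adding an algorithm with a larger digest.` If the toolchain baseline allows it, a `_Static_assert` comparing this value with each algorithm's digest-length constant would turn a forgotten update into a build failure instead of memory corruption.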
@@ -65,17 +77,6 @@ struct hash_algo {
int size);
};
-/*
- * Maximum digest size for all algorithms we support. Having this value
- * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
- */
-#define HASH_MAX_DIGEST_SIZE 32
-
-enum {
- HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */
- HASH_FLAG_ENV = 1 << 1, /* Allow env vars */
-};
-
/**
* hash_command: Process a hash command for a particular algorithm
*
@@ -125,4 +126,5 @@ int hash_block(const char *algo_name, const void *data, unsigned int len,
* @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm.
*/
int hash_lookup_algo(const char *algo_name, struct hash_algo **algop);
+#endif /* !USE_HOSTCC */
#endif
diff --git a/include/image.h b/include/image.h
index 132abdf..b71e4ba 100644
--- a/include/image.h
+++ b/include/image.h
@@ -45,6 +45,7 @@ struct lmb;
#endif /* USE_HOSTCC */
#if defined(CONFIG_FIT)
+#include <hash.h>
#include <libfdt.h>
#include <fdt_support.h>
# ifdef CONFIG_SPL_BUILD
@@ -706,7 +707,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
#define FIT_FDT_PROP "fdt"
#define FIT_DEFAULT_PROP "default"
-#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */
+#define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE
/* cmdline argument format parsing */
int fit_parse_conf(const char *spec, ulong addr_curr,
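Review bot: The new `FIT_MAX_HASH_LEN` line drops the old trailing comment, so nothing at the definition says which digests a buffer of this size must hold. I would keep one, e.g. `#define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE /* must cover every supported digest length */`. The commit message names fit_image_process_hash as the function that overflowed; it is not part of this diff, so presumably it still writes the digest without comparing its length to the buffer size. A follow-up that rejects a digest longer than `FIT_MAX_HASH_LEN` at that writer would make the next oversized algorithm fail cleanly rather than overflow. The `fit_parse_conf` declaration at the end of this hunk continues outside it.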