Prevent a buffer overflow in mkimage when signing with SHA256

Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash.  This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit so move the exportable parts of hash.h outside of
 !USE_HOSTCC and only need that as a new include to image.h]
Signed-off-by: Tom Rini <trini@ti.com>

diff --git a/include/hash.h b/include/hash.h
index dc21678045e8df71eb30fbb01d72a28c8c92e17e..2a3632623b75e57098d80195627e2f8e1946b637 100644 (file)
--- a/include/hash.h
+++ b/include/hash.h
@@ -6,6 +6,18 @@
 #ifndef _HASH_H
 #define _HASH_H
 
+/*
+ * Maximum digest size for all algorithms we support. Having this value
+ * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
+ */
+#define HASH_MAX_DIGEST_SIZE   32
+
+enum {
+       HASH_FLAG_VERIFY        = 1 << 0,       /* Enable verify mode */
+       HASH_FLAG_ENV           = 1 << 1,       /* Allow env vars */
+};
+
+#ifndef USE_HOSTCC
 #if defined(CONFIG_SHA1SUM_VERIFY) || defined(CONFIG_CRC32_VERIFY)
 #define CONFIG_HASH_VERIFY
 #endif
@@ -65,17 +77,6 @@ struct hash_algo {
                           int size);
 };
 
-/*
- * Maximum digest size for all algorithms we support. Having this value
- * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
- */
-#define HASH_MAX_DIGEST_SIZE   32
-
-enum {
-       HASH_FLAG_VERIFY        = 1 << 0,       /* Enable verify mode */
-       HASH_FLAG_ENV           = 1 << 1,       /* Allow env vars */
-};
-
 /**
  * hash_command: Process a hash command for a particular algorithm
  *
@@ -125,4 +126,5 @@ int hash_block(const char *algo_name, const void *data, unsigned int len,
  * @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm.
  */
 int hash_lookup_algo(const char *algo_name, struct hash_algo **algop);
+#endif /* !USE_HOSTCC */
 #endif

diff --git a/include/image.h b/include/image.h
index 132abdf05595051d5e48ffc982f5429ba377ee1a..b71e4ba35f633555b435448ba3ce119a19837b89 100644 (file)
--- a/include/image.h
+++ b/include/image.h
@@ -45,6 +45,7 @@ struct lmb;
 #endif /* USE_HOSTCC */
 
 #if defined(CONFIG_FIT)
+#include <hash.h>
 #include <libfdt.h>
 #include <fdt_support.h>
 # ifdef CONFIG_SPL_BUILD
@@ -706,7 +707,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
 #define FIT_FDT_PROP           "fdt"
 #define FIT_DEFAULT_PROP       "default"
 
-#define FIT_MAX_HASH_LEN       20      /* max(crc32_len(4), sha1_len(20)) */
+#define FIT_MAX_HASH_LEN       HASH_MAX_DIGEST_SIZE
 
 /* cmdline argument format parsing */
 int fit_parse_conf(const char *spec, ulong addr_curr,