sha256: do not align raw section sizes

A vmlinuz hash was failing because it was being aligned up to the
context.fileAlignment (which is 32) which adds a spurious 16 bytes to
the section size.

Additionally, only hash additional data if the remaining data is
larger than the security directory.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

1 files changed, 5 insertions, 3 deletions

diff --git a/lib/sha256.c b/lib/sha256.c
index b5b0b3b..180fa16 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -343,19 +343,21 @@ sha256_get_pecoff_digest_mem(void *buffer, UINTN DataSize,
 	for (i = 0; i < context.NumberOfSections; i++) {
 		section = sections[i];
 		hashbase  = pecoff_image_address(buffer, DataSize, section->PointerToRawData);
-		hashsize  = (unsigned int) ALIGN_VALUE(section->SizeOfRawData,
-						       context.FileAlignment);
+		hashsize  = section->SizeOfRawData;
 		if (hashsize == 0)
 			continue;
 		sha256_update(&ctx, hashbase, hashsize);
 		sum_of_bytes += hashsize;
 	}
 
-	if (DataSize > sum_of_bytes) {
+	if (DataSize > sum_of_bytes + context.SecDir->Size) {
 		/* stuff at end to hash */
 		hashbase = buffer + sum_of_bytes;
 		hashsize = (unsigned int)(DataSize - context.SecDir->Size - sum_of_bytes);
 		sha256_update(&ctx, hashbase, hashsize);
+	} else if (DataSize < sum_of_bytes + context.SecDir->Size) {
+		/* warn but hope the checksum is right */
+		Print(L"Invalid Data Size %d bytes too small\n", DataSize + context.SecDir->Size - sum_of_bytes);
 	}
 	sha256_finish(&ctx, hash);