diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-01-08 12:59:37 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-01-08 14:11:06 -0800 |
commit | dac1ff8f74e7cf13d0f67e2b2b33ba898a98bf00 (patch) | |
tree | a2e7f650fb37fcc0f334cc85924e36b216549766 | |
parent | 05fa125a0ead264d346bc0dc73971d95342d50da (diff) | |
download | efitools-dac1ff8f74e7cf13d0f67e2b2b33ba898a98bf00.tar.gz |
sha256: do not align raw section sizes
A vmlinuz hash was failing because it was being aligned up to the
context.fileAlignment (which is 32) which adds a spurious 16 bytes to
the section size.
Additionally, only hash additional data if the remaining data is
larger than the security directory.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | lib/sha256.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/sha256.c b/lib/sha256.c index b5b0b3b..180fa16 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -343,19 +343,21 @@ sha256_get_pecoff_digest_mem(void *buffer, UINTN DataSize, for (i = 0; i < context.NumberOfSections; i++) { section = sections[i]; hashbase = pecoff_image_address(buffer, DataSize, section->PointerToRawData); - hashsize = (unsigned int) ALIGN_VALUE(section->SizeOfRawData, - context.FileAlignment); + hashsize = section->SizeOfRawData; if (hashsize == 0) continue; sha256_update(&ctx, hashbase, hashsize); sum_of_bytes += hashsize; } - if (DataSize > sum_of_bytes) { + if (DataSize > sum_of_bytes + context.SecDir->Size) { /* stuff at end to hash */ hashbase = buffer + sum_of_bytes; hashsize = (unsigned int)(DataSize - context.SecDir->Size - sum_of_bytes); sha256_update(&ctx, hashbase, hashsize); + } else if (DataSize < sum_of_bytes + context.SecDir->Size) { + /* warn but hope the checksum is right */ + Print(L"Invalid Data Size %d bytes too small\n", DataSize + context.SecDir->Size - sum_of_bytes); } sha256_finish(&ctx, hash); |