author | James Bottomley <JBottomley@Parallels.com> | 2013-01-01 10:21:27 +0000 |
---|---|---|
committer | James Bottomley <JBottomley@Parallels.com> | 2013-01-01 10:21:27 +0000 |
commit | 77a3e1c3d888488f1809ad050be46c3a7faba38c (patch) | |
tree | 8abf3b951878ddd20bcc714f8ee2c16e72338fad | |
parent | 82f839a8d2444f52239144fad90da67b5ca11a2b (diff) | |
download | efitools-77a3e1c3d888488f1809ad050be46c3a7faba38c.tar.gz |
Error handling for sha256 hash failures
We can only hash valid EFI binaries, so print error if hash fails.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-rw-r--r-- | HashTool.c | 8 | ||||
-rw-r--r-- | KeyTool.c | 7 | ||||
-rw-r--r-- | hash-to-efi-sig-list.c | 13 |
3 files changed, 24 insertions, 4 deletions
@@ -78,7 +78,13 @@ enroll_hash(void) /* user pressed ESC */ return; - sha256_get_pecoff_digest(im, file_name, hash); + efi_status = sha256_get_pecoff_digest(im, file_name, hash); + if (efi_status != EFI_SUCCESS) { + console_error(L"Hash failed (is efi binary valid?)", + efi_status); + return; + } + StrCpy(buf0, L"Enroll this hash into "); if (setupmode) @@ -399,7 +399,12 @@ enroll_hash(int key) /* user pressed ESC */ return; - sha256_get_pecoff_digest(h, file_name, hash); + efi_status = sha256_get_pecoff_digest(h, file_name, hash); + if (efi_status != EFI_SUCCESS) { + console_error(L"Hash failed (is efi binary valid?)", + efi_status); + return; + } StrCpy(buf0, L"Enroll hash into "); StrCat(buf0, keyinfo[key].text); diff --git a/hash-to-efi-sig-list.c b/hash-to-efi-sig-list.c index f267b5e..72135ac 100644 --- a/hash-to-efi-sig-list.c +++ b/hash-to-efi-sig-list.c @@ -65,11 +65,14 @@ main(int argc, char *argv[]) int hashes = argc - 2; UINT8 hash[hashes][SHA256_DIGEST_SIZE]; - + + memset(hash, 0, sizeof(hash)); for (i = 0; i < hashes; i++) { int j; struct stat st; + EFI_STATUS status; + int fdefifile = open(argv[i + 1], O_RDONLY); if (fdefifile == -1) { fprintf(stderr, "failed to open file %s: ", argv[1]); @@ -80,7 +83,13 @@ main(int argc, char *argv[]) efifile = malloc(st.st_size); read(fdefifile, efifile, st.st_size); close(fdefifile); - sha256_get_pecoff_digest_mem(efifile, st.st_size, hash[i]); + status = sha256_get_pecoff_digest_mem(efifile, st.st_size, + hash[i]); + if (status != EFI_SUCCESS) { + printf("Failed to get hash of %s: %d\n", argv[i+1], + status); + continue; + } printf("HASH IS "); for (j = 0; j < SHA256_DIGEST_SIZE; j++) { printf("%02x", hash[i][j]); |
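Review bot: The new early return in enroll_hash(void) has no comment saying why enrolment must stop there, and the same applies to the identical block in the second hunk's enroll_hash(int key) (presumably HashTool.c and KeyTool.c, going by the diffstat). The code that follows builds the "Enroll this hash into" prompt around `hash`, so I would add `/* digest was not computed: never offer hash[] for enrolment */` above the `if (efi_status != EFI_SUCCESS)` test in both places. What `hash` contains after a failed call is not visible in the diff, so the comment should stay that general. Both functions start and end outside their hunks, so whether `file_name` or the file handle needs releasing on this path cannot be checked from here.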
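Review bot: The open-failure message in the context lines below the added `EFI_STATUS status;` prints `argv[1]`, while the file being opened is `argv[i + 1]`, so for every input after the first the error names the wrong file. The failure message added in the next hunk already uses `argv[i+1]`, so this one should match: `fprintf(stderr, "failed to open file %s: ", argv[i + 1]);`. Separately, `hash` is a variable-length array sized by `argc - 2`, so the added `memset(hash, 0, sizeof(hash));` relies on an argument-count check that is presumably earlier in main, outside this hunk.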
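Review bot: The `continue` on a failed digest leaves `hash[i]` as the all-zero row set up by the new memset. If the code after the loop (outside this hunk) writes all `hashes` rows, the output signature list would carry an all-zero SHA-256 entry for the file that failed. For a tool whose output is meant for Secure Boot signature lists it is safer to stop: print the message to stderr and replace `continue;` with `exit(1);`, or compact the array so only computed digests are emitted. The context lines above also ignore the results of `malloc` and `read`, so a short read is hashed as if it were the whole file. Finally, `%d` may not match `EFI_STATUS` if that type is wider than int, which its definition (not shown) would settle.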