Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh.
Signed-off-by: Michael van der Westhuizen <mich...@smart-africa.com> --- include/image.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/image.h b/include/image.h index b278778..fdaab5e 100644 --- a/include/image.h +++ b/include/image.h @@ -702,7 +702,8 @@ int bootz_setup(ulong image, ulong *start, ulong *end); #define FIT_FDT_PROP "fdt" #define FIT_DEFAULT_PROP "default" -#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ +/* max(crc32_len(4), sha1_len(20), sha256_len(32)) */ +#define FIT_MAX_HASH_LEN 32 /* cmdline argument format parsing */ int fit_parse_conf(const char *spec, ulong addr_curr, -- 2.0.0.rc0 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
