* grub-core/lib/crypto.c (grub_crypto_hash): Remove variable length

	array.

diff --git a/ChangeLog b/ChangeLog
index 0c70fde9f864ccba02b54f280426dcad5c2f9617..4c410bcb242bed92a32908d0c4c13f055cfa5e58 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-11-20  Vladimir Serbinenko  <phcoder@gmail.com>
+
+       * grub-core/lib/crypto.c (grub_crypto_hash): Remove variable length
+       array.
+
 2013-11-20  Vladimir Serbinenko  <phcoder@gmail.com>
 
        * util/grub-mkconfig.in: Say explicit "grub configuration" rather

diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index e31afb745bfe8bd33cd59027c8add2e49fd85ba5..b7c9974990dc7b8890a5a1cf3b269341e1417649 100644 (file)
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -125,7 +125,10 @@ void
 grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in,
                  grub_size_t inlen)
 {
-  grub_uint8_t ctx[hash->contextsize];
+  GRUB_PROPERLY_ALIGNED_ARRAY (ctx, GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE);
+
+  if (hash->contextsize > sizeof (ctx))
+    grub_fatal ("Too large md context");
   hash->init (&ctx);
   hash->write (&ctx, in, inlen);
   hash->final (&ctx);

diff --git a/include/grub/crypto.h b/include/grub/crypto.h
index d7ba697c66a05278df2a4e8af622464dfda358cc..3739c6a4bd7a17434daaf913fb57732d113a2229 100644 (file)
--- a/include/grub/crypto.h
+++ b/include/grub/crypto.h
@@ -88,6 +88,7 @@ enum gcry_cipher_modes
 /* Don't rely on this. Check!  */
 #define GRUB_CRYPTO_MAX_MDLEN 64
 #define GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE 16
+#define GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE 256
 
 /* Type for the cipher_setkey function.  */
 typedef gcry_err_code_t (*gcry_cipher_setkey_t) (void *c,

diff --git a/util/import_gcry.py b/util/import_gcry.py
index a197b31419ae7a45d7eeeaba2521ed879d8380fd..1319a8ca867af240a73802ab266240d84a6589ec 100644 (file)
--- a/util/import_gcry.py
+++ b/util/import_gcry.py
@@ -137,11 +137,13 @@ for cipher_file in cipher_files:
 
         ciphernames = []
         mdnames = []
+        mdctxsizes = []
         pknames = []
         hold = False
         skip = 0
         skip2 = False
         ismd = False
+        mdarg = 0
         ispk = False
         iscipher = False
         iscryptostart = False
@@ -174,6 +176,11 @@ for cipher_file in cipher_files:
                     sg = s.groups()[0]
                     cryptolist.write (("%s: %s\n") % (sg, modname))
                     iscryptostart = False
+            if ismd:
+                spl = line.split (",")
+                if mdarg + len (spl) > 9 and mdarg <= 9 and ("sizeof" in spl[9-mdarg]):
+                    mdctxsizes.append (spl[9-mdarg].lstrip ().rstrip())
+                mdarg = mdarg + len (spl) - 1
             if ismd or iscipher or ispk:
                 if not re.search (" *};", line) is None:
                     if not iscomma:
@@ -189,6 +196,7 @@ for cipher_file in cipher_files:
                         fw.write ("    .blocksize = %s\n"
                                   % mdblocksizes [mdname])
                     ismd = False
+                    mdarg = 0
                     iscipher = False
                     ispk = False
                 iscomma = not re.search (",$", line) is None
@@ -283,6 +291,7 @@ for cipher_file in cipher_files:
                 mdname = re.match("[a-zA-Z0-9_]*",mdname).group ()
                 mdnames.append (mdname)
                 ismd = True
+                mdarg = 0
                 iscryptostart = True
             m = re.match ("static const char \*selftest.*;$", line)
             if not m is None:
@@ -423,6 +432,8 @@ for cipher_file in cipher_files:
                 chmsg = "Register cipher %s" % ciphername
                 chlognew = "%s\n       %s" % (chlognew, chmsg)
                 fw.write ("  grub_cipher_register (&%s);\n" % ciphername)
+            for ctxsize in mdctxsizes:
+                fw.write ("  COMPILE_TIME_ASSERT(%s <= GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE);\n" % ctxsize)
             for mdname in mdnames:
                 chmsg = "Register digest %s" % mdname
                 chlognew = "%s\n       %s" % (chlognew, chmsg)