pcrlock: Pad pe hash to a multiple of 8 bytes

All other tools (sbsigntools, osslsigncode, sbctl, goblin) do this
as well so let's follow suite.

diff --git a/src/pcrlock/pehash.c b/src/pcrlock/pehash.c
index 7e9dade1f710167b49ae19533aa0ec588fb4b323..39ed61cc2e64f31a71e32e6ac2a55c0bc2fac5fa 100644 (file)
--- a/src/pcrlock/pehash.c
+++ b/src/pcrlock/pehash.c
@@ -135,6 +135,10 @@ int pe_hash(int fd,
                 r = hash_file(fd, mdctx, p, st.st_size - p - certificate_table->Size);
                 if (r < 0)
                         return r;
+
+                /* If the file size is not a multiple of 8 bytes, pad the hash with zero bytes. */
+                if (st.st_size % 8 != 0 && EVP_DigestUpdate(mdctx, (const uint8_t[8]) {}, 8 - (st.st_size % 8)) != 1)
+                        return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Unable to hash data.");
         }
 
         int hsz = EVP_MD_CTX_size(mdctx);