From patchwork Mon Oct 23 15:55:25 2017
X-Patchwork-Submitter: "Storm, Christian"
X-Patchwork-Id: 829361
From: Christian Storm
To: swupdate@googlegroups.com
Cc: Christian Storm
Subject: [swupdate] [PATCH] parser: fail early if sha256 given and !CONFIG_HASH_VERIFY
Date: Mon, 23 Oct 2017 17:55:25 +0200
Message-Id: <20171023155525.19405-1-christian.storm@siemens.com>
X-Mailer: git-send-email 2.14.2

Yield an error message and fail early if a hash (sha256) is given but CONFIG_HASH_VERIFY is not enabled as core/util.c's IsValidHash() will fail (silently) later anyway.

Signed-off-by: Christian Storm
--- core/parser.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/core/parser.c b/core/parser.c index ce00bec..a1232bd 100644 --- a/core/parser.c +++ b/core/parser.c 
@@ -37,6 +37,21 @@ static parser_fn parsers[] = { parse_external }; +#ifndef CONFIG_HASH_VERIFY +static int check_hash_absent(struct imglist *list) +{ + struct img_type *image; + LIST_FOREACH(image, list, next) { + if (strnlen((const char *)image->sha256, SHA256_HASH_LENGTH) > 0) { + ERROR("hash verification not enabled but hash supplied for %s", + image->fname); + return -EINVAL; + } + } + return 0; +} +#endif + #ifdef CONFIG_SIGNED_IMAGES /* * Check that all images in a list have a valid hash @@ -169,6 +184,12 @@ int parse(struct swupdate_cfg *sw, const char *descfile) if (check_missing_hash(&sw->images) || check_missing_hash(&sw->scripts)) ret = -EINVAL; +#else +#ifndef CONFIG_HASH_VERIFY + if (check_hash_absent(&sw->images) || + check_hash_absent(&sw->scripts)) + ret = -EINVAL; +#endif #endif /*
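Review bot: In the first hunk (@@ -37,6 +37,21 @@), check_hash_absent() decides whether a hash was supplied with strnlen((const char *)image->sha256, SHA256_HASH_LENGTH) > 0, which treats the field as a NUL-terminated string. The cast suggests sha256 is not a plain char array; if it holds raw digest bytes rather than hex text, a supplied hash whose first byte is 0x00 would be counted as absent and the early failure would be skipped. Consider testing all SHA256_HASH_LENGTH bytes, or sharing one "hash present" helper with the verification path the commit message refers to (IsValidHash() in core/util.c), so both sides agree on what counts as a supplied hash. A short comment above the function, like the one on the CONFIG_SIGNED_IMAGES helper that follows it, and a blank line after the declaration of image would also help.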
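Review bot: In the second hunk (@@ -169,6 +184,12 @@, in parse()), the call sits inside the #else branch of the CONFIG_SIGNED_IMAGES block, so it is compiled only when both CONFIG_SIGNED_IMAGES and CONFIG_HASH_VERIFY are unset, while the helper in the first hunk is guarded by #ifndef CONFIG_HASH_VERIFY alone. If a build with CONFIG_SIGNED_IMAGES set and CONFIG_HASH_VERIFY unset is possible, the static function is defined but never called (unused-function warning) and the early failure does not happen there; please either give both places the same guard or state in the commit message that CONFIG_SIGNED_IMAGES implies CONFIG_HASH_VERIFY. The nested "#else / #ifndef CONFIG_HASH_VERIFY / #endif / #endif" would also read more easily as a single #elif !defined(CONFIG_HASH_VERIFY), or with a trailing comment on each #endif naming the option it closes.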