[cbootimage PATCH V2] crypto: produce consistent hash for zero-length data

[cbootimage PATCH V2] crypto: produce consistent hash for zero-length data

[Stephen Warren]

From: Stephen Warren <swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>

In real-world use-cases, hashing zero-length data likely never happens.
However, it is relevant when testing cbootimage with a dummy zero-length
bootloader binary, e.g.:

touch u-boot.bin
cbootimage -t30 ../tamonten-ng/tegra30.img.cfg tegra30-tec-ng.img

In this scenario, it's useful to create a consistent hash, so that one
can compare the resultant images before and after applying patches, to
check for regressions.

Hence, zero out the hash data so it has consistent content if it isn't
written to.

Signed-off-by: Stephen Warren <swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
---
v2: clear region using calloc at allocation time, rather than memset
    at hash-calculation time.
---
 src/crypto.c      | 2 +-
 src/data_layout.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/crypto.c b/src/crypto.c
index 88de357..99e9f08 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -280,7 +280,7 @@ sign_bct(build_image_context *context,
 					bct) != 0)
 		return -ENODATA;
 
-	hash_buffer = malloc(hash_size);
+	hash_buffer = calloc(1, hash_size);
 	if (hash_buffer == NULL)
 		return -ENOMEM;
 	e = sign_data_block(bct + Offset, length, hash_buffer);
diff --git a/src/data_layout.c b/src/data_layout.c
index ae62126..cae4c37 100644
--- a/src/data_layout.c
+++ b/src/data_layout.c
@@ -391,7 +391,7 @@ write_bootloaders(build_image_context *context)
 	g_soc_config->get_value(token_bootloaders_max,
 			&bootloaders_max, context->bct);
 
-	hash_buffer = malloc(hash_size);
+	hash_buffer = calloc(1, hash_size);
 	if (hash_buffer == NULL)
 		return -ENOMEM;
 
-- 
1.8.1.5

Re: [cbootimage PATCH V2] crypto: produce consistent hash for zero-length data

[Thierry Reding]

[-- Attachment #1: Type: text/plain, Size: 1099 bytes --]

On Mon, Aug 26, 2013 at 04:12:50PM -0600, Stephen Warren wrote:
> From: Stephen Warren <swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
> 
> In real-world use-cases, hashing zero-length data likely never happens.
> However, it is relevant when testing cbootimage with a dummy zero-length
> bootloader binary, e.g.:
> 
> touch u-boot.bin
> cbootimage -t30 ../tamonten-ng/tegra30.img.cfg tegra30-tec-ng.img
> 
> In this scenario, it's useful to create a consistent hash, so that one
> can compare the resultant images before and after applying patches, to
> check for regressions.
> 
> Hence, zero out the hash data so it has consistent content if it isn't
> written to.
> 
> Signed-off-by: Stephen Warren <swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
> ---
> v2: clear region using calloc at allocation time, rather than memset
>     at hash-calculation time.
> ---
>  src/crypto.c      | 2 +-
>  src/data_layout.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Looks good:

Reviewed-by: Thierry Reding <treding-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

Re: [cbootimage PATCH V2] crypto: produce consistent hash for zero-length data

[Stephen Warren]

On 08/27/2013 01:48 AM, Thierry Reding wrote:
> On Mon, Aug 26, 2013 at 04:12:50PM -0600, Stephen Warren wrote:
>> From: Stephen Warren <swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
>> 
>> In real-world use-cases, hashing zero-length data likely never
>> happens. However, it is relevant when testing cbootimage with a
>> dummy zero-length bootloader binary, e.g.:
>> 
>> touch u-boot.bin cbootimage -t30 ../tamonten-ng/tegra30.img.cfg
>> tegra30-tec-ng.img
>> 
>> In this scenario, it's useful to create a consistent hash, so
>> that one can compare the resultant images before and after
>> applying patches, to check for regressions.
>> 
>> Hence, zero out the hash data so it has consistent content if it
>> isn't written to.
...
> Looks good:
> 
> Reviewed-by: Thierry Reding <treding-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>

Thanks. I've pushed this out.