From 7dd0a3036112786808c6fb6f0819e37716bb62d9 Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko <phcoder@gmail.com>
Date: Wed, 20 Nov 2013 20:09:18 +0100
Subject: [PATCH] 	* grub-core/lib/crypto.c (grub_crypto_hash): Remove
 variable length 	array.

---
 ChangeLog              |  5 +++++
 grub-core/lib/crypto.c |  5 ++++-
 include/grub/crypto.h  |  1 +
 util/import_gcry.py    | 11 +++++++++++
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 0c70fde9f..4c410bcb2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-11-20  Vladimir Serbinenko  <phcoder@gmail.com>
+
+	* grub-core/lib/crypto.c (grub_crypto_hash): Remove variable length
+	array.
+
 2013-11-20  Vladimir Serbinenko  <phcoder@gmail.com>
 
 	* util/grub-mkconfig.in: Say explicit "grub configuration" rather
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index e31afb745..b7c997499 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -125,7 +125,10 @@ void
 grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in,
 		  grub_size_t inlen)
 {
-  grub_uint8_t ctx[hash->contextsize];
+  GRUB_PROPERLY_ALIGNED_ARRAY (ctx, GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE);
+
+  if (hash->contextsize > sizeof (ctx))
+    grub_fatal ("Too large md context");
   hash->init (&ctx);
   hash->write (&ctx, in, inlen);
   hash->final (&ctx);
diff --git a/include/grub/crypto.h b/include/grub/crypto.h
index d7ba697c6..3739c6a4b 100644
--- a/include/grub/crypto.h
+++ b/include/grub/crypto.h
@@ -88,6 +88,7 @@ enum gcry_cipher_modes
 /* Don't rely on this. Check!  */
 #define GRUB_CRYPTO_MAX_MDLEN 64
 #define GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE 16
+#define GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE 256
 
 /* Type for the cipher_setkey function.  */
 typedef gcry_err_code_t (*gcry_cipher_setkey_t) (void *c,
diff --git a/util/import_gcry.py b/util/import_gcry.py
index a197b3141..1319a8ca8 100644
--- a/util/import_gcry.py
+++ b/util/import_gcry.py
@@ -137,11 +137,13 @@ for cipher_file in cipher_files:
 
         ciphernames = []
         mdnames = []
+        mdctxsizes = []
         pknames = []
         hold = False
         skip = 0
         skip2 = False
         ismd = False
+        mdarg = 0
         ispk = False
         iscipher = False
         iscryptostart = False
@@ -174,6 +176,11 @@ for cipher_file in cipher_files:
                     sg = s.groups()[0]
                     cryptolist.write (("%s: %s\n") % (sg, modname))
                     iscryptostart = False
+            if ismd:
+                spl = line.split (",")
+                if mdarg + len (spl) > 9 and mdarg <= 9 and ("sizeof" in spl[9-mdarg]):
+                    mdctxsizes.append (spl[9-mdarg].lstrip ().rstrip())
+                mdarg = mdarg + len (spl) - 1
             if ismd or iscipher or ispk:
                 if not re.search (" *};", line) is None:
                     if not iscomma:
@@ -189,6 +196,7 @@ for cipher_file in cipher_files:
                         fw.write ("    .blocksize = %s\n"
                                   % mdblocksizes [mdname])
                     ismd = False
+                    mdarg = 0
                     iscipher = False
                     ispk = False
                 iscomma = not re.search (",$", line) is None
@@ -283,6 +291,7 @@ for cipher_file in cipher_files:
                 mdname = re.match("[a-zA-Z0-9_]*",mdname).group ()
                 mdnames.append (mdname)
                 ismd = True
+                mdarg = 0
                 iscryptostart = True
             m = re.match ("static const char \*selftest.*;$", line)
             if not m is None:
@@ -423,6 +432,8 @@ for cipher_file in cipher_files:
                 chmsg = "Register cipher %s" % ciphername
                 chlognew = "%s\n	%s" % (chlognew, chmsg)
                 fw.write ("  grub_cipher_register (&%s);\n" % ciphername)
+            for ctxsize in mdctxsizes:
+                fw.write ("  COMPILE_TIME_ASSERT(%s <= GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE);\n" % ctxsize)
             for mdname in mdnames:
                 chmsg = "Register digest %s" % mdname
                 chlognew = "%s\n	%s" % (chlognew, chmsg)