[PATCH] Add optional salt to AUTOBOOT_STOP_STR_SHA256

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Joel Peshkin
From: Joel Peshkin <[hidden email]>

Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compared.

Signed-off-by: Joel Peshkin <[hidden email]>
---
 common/Kconfig.boot |  5 ++++-
 common/autoboot.c   | 10 +++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 3f6d9c1..8a98672 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
   This option adds the feature to only stop the autobooting,
   and therefore boot into the U-Boot prompt, when the input
   string / password matches a values that is encypted via
-  a SHA256 hash and saved in the environment.
+  a SHA256 hash and saved in the environment variable
+  "bootstopkeysha256". If the value in that variable
+  includes a ":", the portion prior to the ":" will be treated
+  as a salt value.
 
 config AUTOBOOT_USE_MENUKEY
  bool "Allow a specify key to run a menu from the environment"
diff --git a/common/autoboot.c b/common/autoboot.c
index e628baf..0c4e6ff 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
  u8 sha_env[SHA256_SUM_LEN];
  u8 *sha;
  char *presskey;
+ char *c;
  const char *algo_name = "sha256";
  u_int presskey_len = 0;
  int abort = 0;
@@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
  if (sha_env_str == NULL)
  sha_env_str = AUTOBOOT_STOP_STR_SHA256;
 
+ presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
+ c = strstr(sha_env_str, ":");
+ if (c) {
+ /* preload presskey with salt */
+ memcpy(presskey, sha_env_str, c - sha_env_str);
+ presskey_len += c - sha_env_str;
+ sha_env_str = c + 1;
+ }
  /*
  * Generate the binary value from the environment hash value
  * so that we can compare this value with the computed hash
@@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
  return 0;
  }
 
- presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
  sha = malloc_cache_aligned(SHA256_SUM_LEN);
  size = SHA256_SUM_LEN;
  /*
--
1.8.3.1


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Heinrich Schuchardt
On 11/20/20 2:41 AM, Joel Peshkin wrote:

> From: Joel Peshkin <[hidden email]>
>
> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
>
> Signed-off-by: Joel Peshkin <[hidden email]>
> ---
>   common/Kconfig.boot |  5 ++++-
>   common/autoboot.c   | 10 +++++++++-
>   2 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 3f6d9c1..8a98672 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
>    This option adds the feature to only stop the autobooting,
>    and therefore boot into the U-Boot prompt, when the input
>    string / password matches a values that is encypted via
> -  a SHA256 hash and saved in the environment.
> +  a SHA256 hash and saved in the environment variable
> +  "bootstopkeysha256". If the value in that variable
> +  includes a ":", the portion prior to the ":" will be treated
> +  as a salt value.
>
>   config AUTOBOOT_USE_MENUKEY
>   bool "Allow a specify key to run a menu from the environment"
> diff --git a/common/autoboot.c b/common/autoboot.c
> index e628baf..0c4e6ff 100644
> --- a/common/autoboot.c
> +++ b/common/autoboot.c
> @@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
>   u8 sha_env[SHA256_SUM_LEN];
>   u8 *sha;
>   char *presskey;
> + char *c;
>   const char *algo_name = "sha256";
>   u_int presskey_len = 0;
>   int abort = 0;
> @@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
>   if (sha_env_str == NULL)
>   sha_env_str = AUTOBOOT_STOP_STR_SHA256;
>
> + presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
> + c = strstr(sha_env_str, ":");
> + if (c) {
> + /* preload presskey with salt */
> + memcpy(presskey, sha_env_str, c - sha_env_str);

Dear Joel,

thank you for your contribution helping to fend of password attacks
using lookup-tables for hashes.

Please, safeguard against

     c - sha_env_str > MAX_DELAY_STOP_STR

to avoid a possible buffer overflow.

We have

     #define MAX_DELAY_STOP_STR 32

Shouldn't this value be enlarged to encompass a salt with 256 bits of
randomness (matching the SHA256 algorithm)? If you encode 6 bits of
entropy in each character, you need 43 characters for the salt and 43
characters for the password.

> + presskey_len += c - sha_env_str;

This would be more readable:

     presskey_len = c - sha_env_str;

Best regards

Heinrich

> + sha_env_str = c + 1;
> + }
>   /*
>   * Generate the binary value from the environment hash value
>   * so that we can compare this value with the computed hash
> @@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
>   return 0;
>   }
>
> - presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
>   sha = malloc_cache_aligned(SHA256_SUM_LEN);
>   size = SHA256_SUM_LEN;
>   /*
>

Reply | Threaded
Open this post in threaded view
|

[PATCH v2] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Joel Peshkin
In reply to this post by Joel Peshkin
From: Joel Peshkin <[hidden email]>

Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compared.

Signed-off-by: Joel Peshkin <[hidden email]>
Cc: Simon Glass <[hidden email]>
Cc: Bin Meng <[hidden email]>
Cc: Patrick Delaunay <[hidden email]>
Cc: Heiko Schocher <[hidden email]>
Cc: [hidden email]
Cc: Heinrich Schuchardt <[hidden email]>
Cc: Joel Peshkin <[hidden email]>
To: [hidden email]

---
Changes for v2:
   - Increase MAX_DELAY_STOP_STR
   - Check salt size against MAX_DELAY_STOP_STR before copying
   - Minor cleanup
---
 common/Kconfig.boot |  5 ++++-
 common/autoboot.c   | 12 ++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 3f6d9c1..8a98672 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
   This option adds the feature to only stop the autobooting,
   and therefore boot into the U-Boot prompt, when the input
   string / password matches a values that is encypted via
-  a SHA256 hash and saved in the environment.
+  a SHA256 hash and saved in the environment variable
+  "bootstopkeysha256". If the value in that variable
+  includes a ":", the portion prior to the ":" will be treated
+  as a salt value.
 
 config AUTOBOOT_USE_MENUKEY
  bool "Allow a specify key to run a menu from the environment"
diff --git a/common/autoboot.c b/common/autoboot.c
index e628baf..982b561 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -25,7 +25,7 @@
 
 DECLARE_GLOBAL_DATA_PTR;
 
-#define MAX_DELAY_STOP_STR 32
+#define MAX_DELAY_STOP_STR 64
 
 #ifndef DEBUG_BOOTKEYS
 #define DEBUG_BOOTKEYS 0
@@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
  u8 sha_env[SHA256_SUM_LEN];
  u8 *sha;
  char *presskey;
+ char *c;
  const char *algo_name = "sha256";
  u_int presskey_len = 0;
  int abort = 0;
@@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
  if (sha_env_str == NULL)
  sha_env_str = AUTOBOOT_STOP_STR_SHA256;
 
+ presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
+ c = strstr(sha_env_str, ":");
+ if ((c) && (c - sha_env_str < MAX_DELAY_STOP_STR)) {
+ /* preload presskey with salt */
+ memcpy(presskey, sha_env_str, c - sha_env_str);
+ presskey_len = c - sha_env_str;
+ sha_env_str = c + 1;
+ }
  /*
  * Generate the binary value from the environment hash value
  * so that we can compare this value with the computed hash
@@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
  return 0;
  }
 
- presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
  sha = malloc_cache_aligned(SHA256_SUM_LEN);
  size = SHA256_SUM_LEN;
  /*
--
1.8.3.1


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v2] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Joel Peshkin
Hi Heinrich,

   Thank you for the review.   I increased the max size to 64 characters.
 The size, in the end, is the size of the salt plus the size of the
password the human user would type.   In most places I have seen salt used,
it is only a few characters (modern Linux password databases use 8) and the
actual password (as opposed to its sha256) is unlikely to be more than 15
characters.

Regards,

Joel


On Fri, Nov 20, 2020 at 10:05 AM Joel Peshkin <[hidden email]>
wrote:

> From: Joel Peshkin <[hidden email]>
>
> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
>
> Signed-off-by: Joel Peshkin <[hidden email]>
> Cc: Simon Glass <[hidden email]>
> Cc: Bin Meng <[hidden email]>
> Cc: Patrick Delaunay <[hidden email]>
> Cc: Heiko Schocher <[hidden email]>
> Cc: [hidden email]
> Cc: Heinrich Schuchardt <[hidden email]>
> Cc: Joel Peshkin <[hidden email]>
> To: [hidden email]
>
> ---
> Changes for v2:
>    - Increase MAX_DELAY_STOP_STR
>    - Check salt size against MAX_DELAY_STOP_STR before copying
>    - Minor cleanup
> ---
>  common/Kconfig.boot |  5 ++++-
>  common/autoboot.c   | 12 ++++++++++--
>  2 files changed, 14 insertions(+), 3 deletions(-)
>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 3f6d9c1..8a98672 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
>           This option adds the feature to only stop the autobooting,
>           and therefore boot into the U-Boot prompt, when the input
>           string / password matches a values that is encypted via
> -         a SHA256 hash and saved in the environment.
> +         a SHA256 hash and saved in the environment variable
> +         "bootstopkeysha256". If the value in that variable
> +         includes a ":", the portion prior to the ":" will be treated
> +         as a salt value.
>
>  config AUTOBOOT_USE_MENUKEY
>         bool "Allow a specify key to run a menu from the environment"
> diff --git a/common/autoboot.c b/common/autoboot.c
> index e628baf..982b561 100644
> --- a/common/autoboot.c
> +++ b/common/autoboot.c
> @@ -25,7 +25,7 @@
>
>  DECLARE_GLOBAL_DATA_PTR;
>
> -#define MAX_DELAY_STOP_STR 32
> +#define MAX_DELAY_STOP_STR 64
>
>  #ifndef DEBUG_BOOTKEYS
>  #define DEBUG_BOOTKEYS 0
> @@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
>         u8 sha_env[SHA256_SUM_LEN];
>         u8 *sha;
>         char *presskey;
> +       char *c;
>         const char *algo_name = "sha256";
>         u_int presskey_len = 0;
>         int abort = 0;
> @@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
>         if (sha_env_str == NULL)
>                 sha_env_str = AUTOBOOT_STOP_STR_SHA256;
>
> +       presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
> +       c = strstr(sha_env_str, ":");
> +       if ((c) && (c - sha_env_str < MAX_DELAY_STOP_STR)) {
> +               /* preload presskey with salt */
> +               memcpy(presskey, sha_env_str, c - sha_env_str);
> +               presskey_len = c - sha_env_str;
> +               sha_env_str = c + 1;
> +       }
>         /*
>          * Generate the binary value from the environment hash value
>          * so that we can compare this value with the computed hash
> @@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
>                 return 0;
>         }
>
> -       presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
>         sha = malloc_cache_aligned(SHA256_SUM_LEN);
>         size = SHA256_SUM_LEN;
>         /*
> --
> 1.8.3.1
>
>

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v2] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Simon Glass-3
In reply to this post by Joel Peshkin
On Fri, 20 Nov 2020 at 12:05, Joel Peshkin <[hidden email]> wrote:

>
> From: Joel Peshkin <[hidden email]>
>
> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
>
> Signed-off-by: Joel Peshkin <[hidden email]>
> Cc: Simon Glass <[hidden email]>
> Cc: Bin Meng <[hidden email]>
> Cc: Patrick Delaunay <[hidden email]>
> Cc: Heiko Schocher <[hidden email]>
> Cc: [hidden email]
> Cc: Heinrich Schuchardt <[hidden email]>
> Cc: Joel Peshkin <[hidden email]>
> To: [hidden email]
>
> ---
> Changes for v2:
>    - Increase MAX_DELAY_STOP_STR
>    - Check salt size against MAX_DELAY_STOP_STR before copying
>    - Minor cleanup
> ---
>  common/Kconfig.boot |  5 ++++-
>  common/autoboot.c   | 12 ++++++++++--
>  2 files changed, 14 insertions(+), 3 deletions(-)

Reviewed-by: Simon Glass <[hidden email]>

Please see below

>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 3f6d9c1..8a98672 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
>           This option adds the feature to only stop the autobooting,
>           and therefore boot into the U-Boot prompt, when the input
>           string / password matches a values that is encypted via
> -         a SHA256 hash and saved in the environment.
> +         a SHA256 hash and saved in the environment variable
> +         "bootstopkeysha256". If the value in that variable
> +         includes a ":", the portion prior to the ":" will be treated
> +         as a salt value.
>
>  config AUTOBOOT_USE_MENUKEY
>         bool "Allow a specify key to run a menu from the environment"
> diff --git a/common/autoboot.c b/common/autoboot.c
> index e628baf..982b561 100644
> --- a/common/autoboot.c
> +++ b/common/autoboot.c
> @@ -25,7 +25,7 @@
>
>  DECLARE_GLOBAL_DATA_PTR;
>
> -#define MAX_DELAY_STOP_STR 32
> +#define MAX_DELAY_STOP_STR 64
>
>  #ifndef DEBUG_BOOTKEYS
>  #define DEBUG_BOOTKEYS 0
> @@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
>         u8 sha_env[SHA256_SUM_LEN];
>         u8 *sha;
>         char *presskey;
> +       char *c;
>         const char *algo_name = "sha256";
>         u_int presskey_len = 0;
>         int abort = 0;
> @@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
>         if (sha_env_str == NULL)
>                 sha_env_str = AUTOBOOT_STOP_STR_SHA256;
>
> +       presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
> +       c = strstr(sha_env_str, ":");
> +       if ((c) && (c - sha_env_str < MAX_DELAY_STOP_STR)) {

Use c instead of (c)


> +               /* preload presskey with salt */
> +               memcpy(presskey, sha_env_str, c - sha_env_str);
> +               presskey_len = c - sha_env_str;
> +               sha_env_str = c + 1;
> +       }
>         /*
>          * Generate the binary value from the environment hash value
>          * so that we can compare this value with the computed hash
> @@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
>                 return 0;
>         }
>
> -       presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
>         sha = malloc_cache_aligned(SHA256_SUM_LEN);
>         size = SHA256_SUM_LEN;
>         /*
> --
> 1.8.3.1
>
Reply | Threaded
Open this post in threaded view
|

[PATCH v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Joel Peshkin
In reply to this post by Joel Peshkin
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compared.

Signed-off-by: Joel Peshkin <[hidden email]>
Cc: Simon Glass <[hidden email]>
Cc: Bin Meng <[hidden email]>
Cc: Patrick Delaunay <[hidden email]>
Cc: Heiko Schocher <[hidden email]>
Cc: Heinrich Schuchardt <[hidden email]>
Cc: Joel Peshkin <[hidden email]>
To: [hidden email]

---
Changes for v2:
   - Increase MAX_DELAY_STOP_STR
   - Check salt size against MAX_DELAY_STOP_STR before copying
   - Minor cleanup
Changes for v3:
   - Cleanup changing (c) to c after review feedback
---
 common/Kconfig.boot |  5 ++++-
 common/autoboot.c   | 12 ++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 3f6d9c1..8a98672 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
   This option adds the feature to only stop the autobooting,
   and therefore boot into the U-Boot prompt, when the input
   string / password matches a values that is encypted via
-  a SHA256 hash and saved in the environment.
+  a SHA256 hash and saved in the environment variable
+  "bootstopkeysha256". If the value in that variable
+  includes a ":", the portion prior to the ":" will be treated
+  as a salt value.
 
 config AUTOBOOT_USE_MENUKEY
  bool "Allow a specify key to run a menu from the environment"
diff --git a/common/autoboot.c b/common/autoboot.c
index e628baf..ddb6246 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -25,7 +25,7 @@
 
 DECLARE_GLOBAL_DATA_PTR;
 
-#define MAX_DELAY_STOP_STR 32
+#define MAX_DELAY_STOP_STR 64
 
 #ifndef DEBUG_BOOTKEYS
 #define DEBUG_BOOTKEYS 0
@@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
  u8 sha_env[SHA256_SUM_LEN];
  u8 *sha;
  char *presskey;
+ char *c;
  const char *algo_name = "sha256";
  u_int presskey_len = 0;
  int abort = 0;
@@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
  if (sha_env_str == NULL)
  sha_env_str = AUTOBOOT_STOP_STR_SHA256;
 
+ presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
+ c = strstr(sha_env_str, ":");
+ if (c && (c - sha_env_str < MAX_DELAY_STOP_STR)) {
+ /* preload presskey with salt */
+ memcpy(presskey, sha_env_str, c - sha_env_str);
+ presskey_len = c - sha_env_str;
+ sha_env_str = c + 1;
+ }
  /*
  * Generate the binary value from the environment hash value
  * so that we can compare this value with the computed hash
@@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
  return 0;
  }
 
- presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
  sha = malloc_cache_aligned(SHA256_SUM_LEN);
  size = SHA256_SUM_LEN;
  /*
--
1.8.3.1


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Simon Glass-3
On Sat, 21 Nov 2020 at 18:19, Joel Peshkin <[hidden email]> wrote:

>
> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
>
> Signed-off-by: Joel Peshkin <[hidden email]>
> Cc: Simon Glass <[hidden email]>
> Cc: Bin Meng <[hidden email]>
> Cc: Patrick Delaunay <[hidden email]>
> Cc: Heiko Schocher <[hidden email]>
> Cc: Heinrich Schuchardt <[hidden email]>
> Cc: Joel Peshkin <[hidden email]>
> To: [hidden email]
>
> ---
> Changes for v2:
>    - Increase MAX_DELAY_STOP_STR
>    - Check salt size against MAX_DELAY_STOP_STR before copying
>    - Minor cleanup
> Changes for v3:
>    - Cleanup changing (c) to c after review feedback
> ---
>  common/Kconfig.boot |  5 ++++-
>  common/autoboot.c   | 12 ++++++++++--
>  2 files changed, 14 insertions(+), 3 deletions(-)
>

Reviewed-by: Simon Glass <[hidden email]>

(as I don't see it in v2)
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256

Heiko Schocher denx
In reply to this post by Joel Peshkin
Hello Joel,

Am 22.11.20 um 02:18 schrieb Joel Peshkin:

> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
>
> Signed-off-by: Joel Peshkin <[hidden email]>
> Cc: Simon Glass <[hidden email]>
> Cc: Bin Meng <[hidden email]>
> Cc: Patrick Delaunay <[hidden email]>
> Cc: Heiko Schocher <[hidden email]>
> Cc: Heinrich Schuchardt <[hidden email]>
> Cc: Joel Peshkin <[hidden email]>
> To: [hidden email]
>
> ---
> Changes for v2:
>    - Increase MAX_DELAY_STOP_STR
>    - Check salt size against MAX_DELAY_STOP_STR before copying
>    - Minor cleanup
> Changes for v3:
>    - Cleanup changing (c) to c after review feedback
> ---
>  common/Kconfig.boot |  5 ++++-
>  common/autoboot.c   | 12 ++++++++++--
>  2 files changed, 14 insertions(+), 3 deletions(-)

Reviewed-by: Heiko Schocher <[hidden email]>

bye,
Heiko
--
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-52   Fax: +49-8142-66989-80   Email: [hidden email]