Place TLV size into TLV itself

To allow the signatures to be replaced, move the size of the TLV into a
small "info" header at the start of the TLV.

Note that this causes image swapping to lose robustness.  This is fixed
by a later commit.

Based on work by Marko Kiiskila <marko@runtime.io>

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
JIRA: MCUB-65
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 8004533..003620c 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -146,6 +146,7 @@
     uint32_t off;
     uint32_t size;
     int sha256_valid = 0;
+    struct image_tlv_info info;
 #ifdef EXPECTED_SIG_TLV
     int valid_signature = 0;
     int key_id = -1;
@@ -165,9 +166,19 @@
         memcpy(out_hash, hash, 32);
     }
 
+    /* The TLVs come after the image. */
     /* After image there are TLVs. */
     off = hdr->ih_img_size + hdr->ih_hdr_size;
-    size = off + hdr->ih_tlv_size;
+
+    rc = flash_area_read(fap, off, &info, sizeof(info));
+    if (rc) {
+            return rc;
+    }
+    if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
+            return -1;
+    }
+    size = off + info.it_tlv_tot;
+    off += sizeof(info);
 
     /*
      * Traverse through all of the TLVs, performing any checks we know