Re: [PATCH] Check curve_name for null to avoid crash
On Tue, Feb 27, 2024 at 03:57:03PM -0800, Bob Wolff wrote:

> If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
> into the ecdsa verify. Without the ecdsa,curve property, this function will
> crash due to lack of checking the null pointer return.
>
> Signed-off-by: Bob Wolff

Applied to u-boot/next, thanks!

-- 
Tom
Re: [PATCH] Check curve_name for null to avoid crash
Hey all, I think I addressed the nit of the missing blank line in my last email on this thread. Wondering if there's more action to be had on my part or if this just gets accepted etc. Thanks! Bob Wolff On Tue, Feb 27, 2024 at 3:57 PM Bob Wolff wrote: > If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent > into the ecdsa verify. Without the ecdsa,curve property, this function will > crash due to lack of checking the null pointer return. > > Signed-off-by: Bob Wolff > --- > > lib/ecdsa/ecdsa-verify.c | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c > index 0601700c4f..4d1835b598 100644 > --- a/lib/ecdsa/ecdsa-verify.c > +++ b/lib/ecdsa/ecdsa-verify.c > @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, > const void *fdt, int node) > int x_len, y_len; > > key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); > + if (!key->curve_name) { > + debug("Error: ecdsa cannot get 'ecdsa,curve' property from > key. Likely not an ecdsa key.\n"); > + return -ENOMSG; > + } > + > key->size_bits = ecdsa_key_size(key->curve_name); > if (key->size_bits == 0) { > debug("Unknown ECDSA curve '%s'", key->curve_name); > -- > 2.39.3 (Apple Git-145) > >
[PATCH] Check curve_name for null to avoid crash
If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return. Signed-off-by: Bob Wolff --- lib/ecdsa/ecdsa-verify.c | 5 + 1 file changed, 5 insertions(+) diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c index 0601700c4f..4d1835b598 100644 --- a/lib/ecdsa/ecdsa-verify.c +++ b/lib/ecdsa/ecdsa-verify.c @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) int x_len, y_len; key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); + if (!key->curve_name) { + debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n"); + return -ENOMSG; + } + key->size_bits = ecdsa_key_size(key->curve_name); if (key->size_bits == 0) { debug("Unknown ECDSA curve '%s'", key->curve_name); -- 2.39.3 (Apple Git-145)
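Review bot: the NULL check added right after the fdt_getprop() call in fdt_get_key() covers only a missing 'ecdsa,curve' property. Because the length argument is NULL, a property that is present but empty or not NUL-terminated is still handed to ecdsa_key_size() and to the '%s' in the following debug() as a C string. Consider passing an int to receive the length and returning the same error unless the length is positive and the last byte is '\0'. Two smaller points on the added debug() line: it ends in "\n" while the existing "Unknown ECDSA curve '%s'" message just below it does not, so pick one convention, and the "Error:" prefix reads oddly in a message that is only emitted at debug level. Since the commit message says the trigger is an rsa key node being sent into the ecdsa verify path, it is also worth stating there whether -ENOMSG lets the caller skip that node and try the next key, or fails verification outright.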
Re: [PATCH] Check curve_name for null to avoid crash
On 2/22/24 17:18, Bob Wolff wrote: If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return. nit: there should be a blank line here Signed-off-by: Bob Wolff --- lib/ecdsa/ecdsa-verify.c | 5 + 1 file changed, 5 insertions(+) diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c index 0601700c4f..4d1835b598 100644 --- a/lib/ecdsa/ecdsa-verify.c +++ b/lib/ecdsa/ecdsa-verify.c @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) int x_len, y_len; key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); + if (!key->curve_name) { + debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n"); + return -ENOMSG; + } + key->size_bits = ecdsa_key_size(key->curve_name); if (key->size_bits == 0) { debug("Unknown ECDSA curve '%s'", key->curve_name); Reviewed-by: Sean Anderson
[PATCH] Check curve_name for null to avoid crash
If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return. Signed-off-by: Bob Wolff --- lib/ecdsa/ecdsa-verify.c | 5 + 1 file changed, 5 insertions(+) diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c index 0601700c4f..4d1835b598 100644 --- a/lib/ecdsa/ecdsa-verify.c +++ b/lib/ecdsa/ecdsa-verify.c @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) int x_len, y_len; key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); + if (!key->curve_name) { + debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n"); + return -ENOMSG; + } + key->size_bits = ecdsa_key_size(key->curve_name); if (key->size_bits == 0) { debug("Unknown ECDSA curve '%s'", key->curve_name); -- 2.39.3 (Apple Git-145)