Hi Jeroen, On 30 July 2014 15:17, Jeroen Hofstee <[email protected]> wrote: > Hello Simon, > > >>> { >>> - uint32_t i; >>> + int i; >>> - for (i = key->len - 1; i >= 0; i--) { >>> + for (i = (int)key->len - 1; i >= 0; i--) { >>> if (num[i] < key->modulus[i]) >>> return 0; >>> if (num[i] > key->modulus[i]) >> >> >> I did indeed not post a patch, since I do not know how this code >> is used and how critical it is. And I still haven't bothered to look it >> up. >> >> So just a general comment, which might not make any sense >> at all for the actual usage. If num can somehow be controlled by an > > > I meant key->len here of course ^
OK I see. Well the key length is range-checked in pow_mod(). If a key length of 0 were used, it would not be a valid signature - this function might do strange things. But the key length has to match the public key, so something like that would juts cause a verification failure higher up the stack. Regards, Simon _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
