From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [BUG] ut lib lib_rsa_verify_valid crashes on qemu_arm if RSA_VERIFY_WITH_PKEY=y
Date: Tue, 9 Jun 2020 18:22:35 +0900 [thread overview]
Message-ID: <20200609092235.GA5322@laputa> (raw)
In-Reply-To: <00F26104-AE59-47A9-BF55-70DA79D9A738@gmx.de>
Heinrich,
On Tue, Jun 09, 2020 at 03:54:44AM +0000, Heinrich Schuchardt wrote:
> Am June 9, 2020 1:42:14 AM UTC schrieb AKASHI Takahiro <takahiro.akashi@linaro.org>:
> >Heinrich,
> >
> >On Mon, Jun 08, 2020 at 11:08:53PM +0200, Heinrich Schuchardt wrote:
> >> Hello Takahiro,
> >>
> >> when trying to execute command
> >>
> >> ut lib lib_rsa_verify_valid
> >>
> >> on qemu_arm_defconfig with CONFIG_UNIT_TEST=y and
> >> CONFIG_RSA_VERIFY_WITH_PKEY=y it crashes in
> >>
> >> free((void *)prop->modulus) called from
> >> rsa_free_key_prop() called from
> >> rsa_verify_key() called from
> >> rsa_verify_with_pkey().
> >>
> >> Without CONFIG_RSA_VERIFY_WITH_PKEY=y the problem does not occur.
> >> On qemu_arm64_defconfig the problem does not occur.
> >
> >I can't reproduce your problem on v2020.07-rc4 exactly with
> >qemu_arm64_defconfig + PKEY=y:
> >
> >U-Boot 2020.07-rc4-dirty (Jun 09 2020 - 10:33:30 +0900)
> >
> >...
> >
> >=> ut lib
> >Running 11 lib tests
> >Test: lib_asn1_pkcs7
> >Test: lib_asn1_pkey
> >Test: lib_asn1_x509
> >Test: lib_memcpy
> >Test: lib_memmove
> >Test: lib_memset
> >Test: lib_rsa_verify_invalid
> >Test: lib_rsa_verify_valid
> >Test: lib_test_bin2hex
> >Test: lib_test_hex2bin
> >Test: lib_test_hex_to_bin
> >Failures: 0
> >
> >
> >-Takahiro Akashi
>
> As said I only see the problem with 32 bit qemu_arm_defconfig.
Okay. I think that the size of rrtmp variable is not good enough
and when it is handed over to br_i32_decode(), it accidentally
destroys (*prop)->modulus.
Heiko's patch:
https://lists.denx.de/pipermail/u-boot/2020-May/413101.html
will also fix this issue, but I'm not yet confident that
the solution here, doubling max_rsa_size, is a right approach.
-Takahiro Akashi
> Best regards
>
> Heinrich
>
>
> >
> >> Could you, please, have a look.
> >>
> >> Best regards
> >>
> >> Heinrich
>
next prev parent reply other threads:[~2020-06-09 9:22 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-08 21:08 [BUG] ut lib lib_rsa_verify_valid crashes on qemu_arm if RSA_VERIFY_WITH_PKEY=y Heinrich Schuchardt
2020-06-09 1:42 ` AKASHI Takahiro
2020-06-09 3:54 ` Heinrich Schuchardt
2020-06-09 9:22 ` AKASHI Takahiro [this message]
2020-06-09 10:11 ` Heiko Stübner
2020-06-09 10:22 ` Heinrich Schuchardt
2020-06-09 10:45 ` Heiko Stübner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200609092235.GA5322@laputa \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.