From: Jeroen Hofstee <jeroen@myspectrum.nl>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH] rsa: Fix two errors in the implementation
Date: Wed, 30 Jul 2014 22:34:54 +0200 [thread overview]
Message-ID: <53D956EE.20202@myspectrum.nl> (raw)
In-Reply-To: <1406736017-4554-1-git-send-email-sjg@chromium.org>
Hello Simon,
On 30-07-14 18:00, Simon Glass wrote:
> 1. Failure to set the return code correctly
> 2. Failure to detect the loop end condition when the value is equal to
> the modulus.
>
> Reported-by: Jeroen Hofstee <jeroen@myspectrum.nl>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>
> lib/rsa/rsa-sign.c | 1 +
> lib/rsa/rsa-verify.c | 4 ++--
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
> index 83f5e87..6905131 100644
> --- a/lib/rsa/rsa-sign.c
> +++ b/lib/rsa/rsa-sign.c
> @@ -76,6 +76,7 @@ static int rsa_get_pub_key(const char *keydir, const char *name, RSA **rsap)
> rsa = EVP_PKEY_get1_RSA(key);
> if (!rsa) {
> rsa_err("Couldn't convert to a RSA style key");
> + ret = -EINVAL;
> goto err_rsa;
> }
> fclose(f);
> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> index bcb9063..02e3eeb 100644
> --- a/lib/rsa/rsa-verify.c
> +++ b/lib/rsa/rsa-verify.c
> @@ -54,9 +54,9 @@ static void subtract_modulus(const struct rsa_public_key *key, uint32_t num[])
> static int greater_equal_modulus(const struct rsa_public_key *key,
> uint32_t num[])
> {
> - uint32_t i;
> + int i;
>
> - for (i = key->len - 1; i >= 0; i--) {
> + for (i = (int)key->len - 1; i >= 0; i--) {
> if (num[i] < key->modulus[i])
> return 0;
> if (num[i] > key->modulus[i])
I did indeed not post a patch, since I do not know how this code
is used and how critical it is. And I still haven't bothered to look it
up.
So just a general comment, which might not make any sense
at all for the actual usage. If num can somehow be controlled by an
evil source, passing a large enough value or 0 now causes this
function to return equal. I have no idea if this causes any practical
issue.
Warnings / error wise, this seems fine, thanks!
Regards,
Jeroen
next prev parent reply other threads:[~2014-07-30 20:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-30 16:00 [U-Boot] [PATCH] rsa: Fix two errors in the implementation Simon Glass
2014-07-30 20:34 ` Jeroen Hofstee [this message]
2014-07-30 21:17 ` Jeroen Hofstee
2014-08-04 10:10 ` Simon Glass
2014-08-10 22:23 ` [U-Boot] " Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53D956EE.20202@myspectrum.nl \
--to=jeroen@myspectrum.nl \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.