From: AKASHI Takahiro
Date: Tue, 8 Sep 2020 09:21:59 +0900
Subject: [BUG] rsa: crash in br_i32_decode() called from rsa_gen_key_prop()
In-Reply-To: <61085ee5-a5ef-2164-ef56-6ab2d7d8da64@gmx.de>
References: <61085ee5-a5ef-2164-ef56-6ab2d7d8da64@gmx.de>
Message-ID: <20200908002159.GA1814894@laputa>
To: u-boot@lists.denx.de

On Mon, Sep 07, 2020 at 05:58:14PM +0200, Heinrich Schuchardt wrote:
> Hello Takahiro,
>
> on the 32bit Wandboard (with i.mx6 CPU) running the lib_asn1_pkcs7 unit
> test results in a crash due to an unaligned access occurring when
> br_i32_decode() is called by rsa_gen_key_prop().

Some guy has sent me a similar bug report about unaligned access
in rsa-keyprop.c.
I will ask him to post a patch as he seems to have fixed it.

-Takahiro Akashi

> Please, check the alignment assumptions for src when calling
> br_i32_decode(). If src is only 1 byte aligned, you should neither call
> be32_to_cpup() nor be16_to_cpup() which assume 32bit and 16bit alignment.
>
>
> ----Running lib tests----
> Running 14 lib tests
> Test: lib_asn1_pkcs7
> data abort
> pc : [<8efb3a8e>]          lr : [<8efb3bbd>]
> reloc pc : [<17845a8e>]    lr : [<17845bbd>]
> sp : 8e561330  ip : 00000001     fp : 8efd9d66
> r10: 8e58f040  r9 : 8e56dec0     r8 : 8e588748
> r7 : 00000001  r6 : 8e58f350     r5 : 8e58f350  r4 : 8e58f350
> r3 : 000000fc  r2 : 00000100     r1 : 8e58ee49  r0 : 8e58f350
> Flags: nzCv  IRQs off  FIQs off  Mode SVC_32 (T)
> Code: ea43 4302 e7a2 3b04 (58c8) ba00
> Resetting CPU ...
>
> resetting ...
>
>
>
> br_i32_decode():
>
>                 return be16_to_cpup(src);
> 17845a84:       b29b            uxth    r3, r3
>                 w = ((uint32_t)buf[0] << 16)
> 17845a86:       ea43 4302       orr.w   r3, r3, r2, lsl #16
> 17845a8a:       e7a2            b.n     178459d2
>                 u -= 4;
> 17845a8c:       3b04            subs    r3, #4
>         return __arch__swab32p(x);
> 17845a8e:       58c8            ldr     r0, [r1, r3]    <<<<<<<<<<<<<<
> 17845a90:       ba00            rev     r0, r0
>                 x[v ++] = br_dec32be(buf + u);
> 17845a92:       f845 0f04       str.w   r0, [r5, #4]!
>         if (u < 4) {
> 17845a96:       e78f            b.n     178459b8
>         return y ^ (-ctl & (x ^ y));
>
>
> rsa_gen_key_prop():
>
>         /* n0 inverse */
>         br_i32_decode(n, &rsa_key.n[i], rsa_key.n_sz - i);
> 17845bac:       9910            ldr     r1, [sp, #64]   ; 0x40
>         (*prop)->exp_len = sizeof(uint64_t);
> 17845bae:       615a            str     r2, [r3, #20]
>         br_i32_decode(n, &rsa_key.n[i], rsa_key.n_sz - i);
> 17845bb0:       9a18            ldr     r2, [sp, #96]   ; 0x60
> 17845bb2:       4439            add     r1, r7
> 17845bb4:       1bd2            subs    r2, r2, r7
> 17845bb6:       4630            mov     r0, r6
> 17845bb8:       f7ff fef9       bl      178459ae    <<<<<<
>         (*prop)->n0inv = br_i32_ninv32(n[1]);
> 17845bbc:       6873            ldr     r3, [r6, #4]
> 17845bbe:       682a            ldr     r2, [r5, #0]
>         y = 2 - x;
> 17845bc0:       f1c3 0102       rsb     r1, r3, #2
>
>
>
> Best regards
>
> Heinrich
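The report above points at be32_to_cpup()/be16_to_cpup() being applied to a byte-aligned src: in the register dump r1 = 8e58ee49 is odd, so the faulting `ldr r0, [r1, r3]` reads a 32-bit word from an unaligned address. As an added example that is not part of this thread and not U-Boot's or BearSSL's code, the C below decodes a big-endian integer into 32-bit words using byte-wise reads only, so the alignment of src no longer matters. The names dec32be_bytes, i32_bit_length, i32_decode_portable and decode_sample are hypothetical, the word layout (x[0] = bit length, x[1] = least significant word) is assumed to mirror the br_i32 convention, and the 5-byte sample modulus is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Read a big-endian 32-bit word one byte at a time.  Unlike casting the
 * pointer to uint32_t * and byte-swapping (the be32_to_cpup() pattern the
 * report describes), this is correct for a buffer at any alignment.
 */
static uint32_t dec32be_bytes(const unsigned char *buf)
{
	return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16)
	     | ((uint32_t)buf[2] << 8)  | (uint32_t)buf[3];
}

/* Bit length of a little-endian word array (x[0] is the least significant word). */
static uint32_t i32_bit_length(const uint32_t *x, size_t xlen)
{
	while (xlen > 0) {
		uint32_t w = x[--xlen];
		if (w != 0) {
			uint32_t bl = 0;
			while (w != 0) {
				bl++;
				w >>= 1;
			}
			return (uint32_t)(xlen * 32 + bl);
		}
	}
	return 0;
}

/*
 * Decode a big-endian unsigned integer of `len` bytes into the assumed
 * br_i32 layout: x[0] = bit length, x[1..] = 32-bit words, least
 * significant first.  Returns the number of value words written.
 * Hypothetical, alignment-agnostic helper written for this example.
 */
static size_t i32_decode_portable(uint32_t *x, const void *src, size_t len)
{
	const unsigned char *buf = src;
	size_t u = len, v = 1;

	/* Consume whole words from the least significant end of the buffer. */
	while (u >= 4) {
		u -= 4;
		x[v++] = dec32be_bytes(buf + u);
	}
	/* Any 1..3 remaining leading bytes form the most significant, partial word. */
	if (u > 0) {
		uint32_t w = 0;
		size_t i;
		for (i = 0; i < u; i++)
			w = (w << 8) | buf[i];
		x[v++] = w;
	}
	x[0] = i32_bit_length(x + 1, v - 1);
	return v - 1;
}

/*
 * Decode a constructed 5-byte value placed at an odd offset inside a larger
 * buffer (the situation in the report: src is only byte-aligned) and return
 * word `idx` of the result.
 */
uint32_t decode_sample(size_t idx)
{
	/* Constructed sample: one pad byte, then the value 0x0102030405. */
	static const unsigned char raw[8] = { 0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0, 0 };
	uint32_t x[4] = { 0 };

	i32_decode_portable(x, raw + 1, 5);	/* raw + 1 is not 4-byte aligned */
	return idx < 4 ? x[idx] : 0;
}

int main(void)
{
	size_t i;

	for (i = 0; i < 3; i++)
		printf("x[%zu] = 0x%08x\n", i, decode_sample(i));
	return 0;
}
```

Reading bytes individually is the same trick the `w = ((uint32_t)buf[0] << 16)` line in the disassembly already uses for the short tail; applying it to the whole-word path removes the alignment assumption entirely. The other portable pattern is memcpy() into a local uint32_t followed by a byte swap; either costs nothing measurable at RSA key sizes and avoids the data abort on cores that fault on unaligned loads.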