public inbox for u-boot@lists.denx.de
* [PATCH] Check curve_name for null to avoid crash
@ 2024-02-22 22:18 Bob Wolff
  2024-02-23  1:24 ` Sean Anderson
  0 siblings, 1 reply; 5+ messages in thread
From: Bob Wolff @ 2024-02-22 22:18 UTC
  To: u-boot; +Cc: seanga2, pbrobinson, Bob Wolff, Tom Rini

If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
into the ecdsa verify. Without the ecdsa,curve property, this function will
crash due to lack of checking the null pointer return.
Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
---

 lib/ecdsa/ecdsa-verify.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
index 0601700c4f..4d1835b598 100644
--- a/lib/ecdsa/ecdsa-verify.c
+++ b/lib/ecdsa/ecdsa-verify.c
@@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
 	int x_len, y_len;
 
 	key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
+	if (!key->curve_name) {
+		debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n");
+		return -ENOMSG;
+	}
+
 	key->size_bits = ecdsa_key_size(key->curve_name);
 	if (key->size_bits == 0) {
 		debug("Unknown ECDSA curve '%s'", key->curve_name);
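
Review bot: the new early return in fdt_get_key() reports the missing "ecdsa,curve" property only through debug(), which prints only in debug builds, so on a normal build the verify path fails with -ENOMSG and nothing on the console says which key node was rejected or why. Consider a message that identifies the node (fdt and node are both in scope here) and a shorter string: the "Error:" prefix and the "Likely not an ecdsa key." guess make the line much longer than the neighbouring debug("Unknown ECDSA curve '%s'", ...) call.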
-- 
2.39.3 (Apple Git-145)



* Re: [PATCH] Check curve_name for null to avoid crash
  2024-02-22 22:18 [PATCH] Check curve_name for null to avoid crash Bob Wolff
@ 2024-02-23  1:24 ` Sean Anderson
  0 siblings, 0 replies; 5+ messages in thread
From: Sean Anderson @ 2024-02-23  1:24 UTC
  To: Bob Wolff, u-boot; +Cc: pbrobinson, Tom Rini

On 2/22/24 17:18, Bob Wolff wrote:
> If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
> into the ecdsa verify. Without the ecdsa,curve property, this function will
> crash due to lack of checking the null pointer return.

nit: there should be a blank line here

> Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
> ---
> 
>   lib/ecdsa/ecdsa-verify.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> index 0601700c4f..4d1835b598 100644
> --- a/lib/ecdsa/ecdsa-verify.c
> +++ b/lib/ecdsa/ecdsa-verify.c
> @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
>   	int x_len, y_len;
>   
>   	key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
> +	if (!key->curve_name) {
> +		debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n");
> +		return -ENOMSG;
> +	}
> +
>   	key->size_bits = ecdsa_key_size(key->curve_name);
>   	if (key->size_bits == 0) {
>   		debug("Unknown ECDSA curve '%s'", key->curve_name);
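
Review bot: the guard on key->curve_name covers only the first property read in fdt_get_key(); the x_len and y_len declared just above it suggest further property lookups follow, and it is worth confirming that each of those results is checked for a missing property in the same way. Since the commit message puts the trigger at an RSA key node being handed to the ECDSA verifier, it is also worth asking whether the caller should skip key nodes that are not ECDSA before calling this function, with this check kept as the backstop.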

Reviewed-by: Sean Anderson <seanga2@gmail.com>


* [PATCH] Check curve_name for null to avoid crash
@ 2024-02-27 23:57 Bob Wolff
  2024-03-06 22:55 ` Bob Wolff
  2024-03-07 17:12 ` Tom Rini
  0 siblings, 2 replies; 5+ messages in thread
From: Bob Wolff @ 2024-02-27 23:57 UTC
  To: u-boot; +Cc: seanga2, pbrobinson, Bob Wolff, Tom Rini

If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
into the ecdsa verify. Without the ecdsa,curve property, this function will
crash due to lack of checking the null pointer return.

Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
---

 lib/ecdsa/ecdsa-verify.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
index 0601700c4f..4d1835b598 100644
--- a/lib/ecdsa/ecdsa-verify.c
+++ b/lib/ecdsa/ecdsa-verify.c
@@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
 	int x_len, y_len;
 
 	key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
+	if (!key->curve_name) {
+		debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n");
+		return -ENOMSG;
+	}
+
 	key->size_bits = ecdsa_key_size(key->curve_name);
 	if (key->size_bits == 0) {
 		debug("Unknown ECDSA curve '%s'", key->curve_name);
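
Review bot: this diff is identical to the 2024-02-22 posting (same index 0601700c4f..4d1835b598, same five added lines after the fdt_getprop() call) and the only change is the blank line in the commit message, yet the subject is still a plain [PATCH] and nothing is recorded below the "---". Mark the resend as v2, note the change under the "---" line, and carry the Reviewed-by already given on the first posting so it is not lost when the patch is applied.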
-- 
2.39.3 (Apple Git-145)



* Re: [PATCH] Check curve_name for null to avoid crash
  2024-02-27 23:57 Bob Wolff
@ 2024-03-06 22:55 ` Bob Wolff
  2024-03-07 17:12 ` Tom Rini
  1 sibling, 0 replies; 5+ messages in thread
From: Bob Wolff @ 2024-03-06 22:55 UTC
  To: u-boot; +Cc: seanga2, pbrobinson, Tom Rini

Hey all,
I think I addressed the nit of the missing blank line in my last email on
this thread. Wondering if there's more action to be had on my part or if
this just gets accepted etc.

Thanks!
Bob Wolff

On Tue, Feb 27, 2024 at 3:57 PM Bob Wolff <bob.wolff68@gmail.com> wrote:

> If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
> into the ecdsa verify. Without the ecdsa,curve property, this function will
> crash due to lack of checking the null pointer return.
>
> Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
> ---
>
>  lib/ecdsa/ecdsa-verify.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> index 0601700c4f..4d1835b598 100644
> --- a/lib/ecdsa/ecdsa-verify.c
> +++ b/lib/ecdsa/ecdsa-verify.c
> @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key,
> const void *fdt, int node)
>         int x_len, y_len;
>
>         key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
> +       if (!key->curve_name) {
> +               debug("Error: ecdsa cannot get 'ecdsa,curve' property from
> key. Likely not an ecdsa key.\n");
> +               return -ENOMSG;
> +       }
> +
>         key->size_bits = ecdsa_key_size(key->curve_name);
>         if (key->size_bits == 0) {
>                 debug("Unknown ECDSA curve '%s'", key->curve_name);
> --
> 2.39.3 (Apple Git-145)
>
>


* Re: [PATCH] Check curve_name for null to avoid crash
  2024-02-27 23:57 Bob Wolff
  2024-03-06 22:55 ` Bob Wolff
@ 2024-03-07 17:12 ` Tom Rini
  1 sibling, 0 replies; 5+ messages in thread
From: Tom Rini @ 2024-03-07 17:12 UTC
  To: Bob Wolff; +Cc: u-boot, seanga2, pbrobinson

On Tue, Feb 27, 2024 at 03:57:03PM -0800, Bob Wolff wrote:

> If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
> into the ecdsa verify. Without the ecdsa,curve property, this function will
> crash due to lack of checking the null pointer return.
> 
> Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>

Applied to u-boot/next, thanks!

-- 
Tom
