summaryrefslogtreecommitdiff
path: root/lib/rsa
diff options
context:
space:
mode:
authorHeiko Stuebner <heiko.stuebner@theobroma-systems.com>2020-05-03 13:26:34 +0200
committerTom Rini <trini@konsulko.com>2020-05-07 09:01:42 -0400
commitfdf0819afb5b7a8757ba1b4fdfe14f3767ab7e87 (patch)
tree42641387fa77a883ffe4d51227f6b5fad39dc399 /lib/rsa
parentc2a2123e33371b2dc3406789764996d4fa73aac3 (diff)
downloadu-boot-fdf0819afb5b7a8757ba1b4fdfe14f3767ab7e87.tar.gz
u-boot-fdf0819afb5b7a8757ba1b4fdfe14f3767ab7e87.tar.bz2
u-boot-fdf0819afb5b7a8757ba1b4fdfe14f3767ab7e87.zip
rsa: fix alignment issue when getting public exponent
To fill the exponent field of the rsa_public_key struct, rsa_mod_exp_sw did a cast to uint64_t of the key_prop->public_exponent field. But that alignment is not guaranteed in all cases. This came to light when in my spl-fit-signature the key-name exceeded a certain length and with it the verification then started failing. (naming it "integrity" worked fine, "integrity-uboot" failed) key_prop.public_exponent itself is actually a void-pointer, fdt_getprop() also just returns such a void-pointer and inside the devicetree the 64bit exponent is represented as 2 32bit numbers, so assuming a 64bit alignment can lead to false reads. So just use the already existing rsa_convert_big_endian() to do the actual conversion from the dt's big-endian to the needed uint64 value. Fixes: fc2f4246b4b3 ("rsa: Split the rsa-verify to separate the modular exponentiation") Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/rsa')
-rw-r--r--lib/rsa/rsa-mod-exp.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/rsa/rsa-mod-exp.c b/lib/rsa/rsa-mod-exp.c
index 420ab2eba0..62b2557cc2 100644
--- a/lib/rsa/rsa-mod-exp.c
+++ b/lib/rsa/rsa-mod-exp.c
@@ -262,8 +262,8 @@ int rsa_mod_exp_sw(const uint8_t *sig, uint32_t sig_len,
if (!prop->public_exponent)
key.exponent = RSA_DEFAULT_PUBEXP;
else
- key.exponent =
- fdt64_to_cpu(*((uint64_t *)(prop->public_exponent)));
+ rsa_convert_big_endian((uint32_t *)&key.exponent,
+ prop->public_exponent, 2);
if (!key.len || !prop->modulus || !prop->rr) {
debug("%s: Missing RSA key info", __func__);