diff options
| author | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2022-08-31 21:13:40 +0200 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2022-09-15 09:57:11 -0400 |
| commit | 0cd933bb4bd74084d942c42098ebf9e07d9e0f63 (patch) | |
| tree | f3f4c2a9d5d19e8b548ce6ed98fbd5610d30bdd7 /lib/rsa | |
| parent | 069f0d7506f6e256f9e2ade82e315ef976dfb9ba (diff) | |
| download | u-boot-0cd933bb4bd74084d942c42098ebf9e07d9e0f63.zip u-boot-0cd933bb4bd74084d942c42098ebf9e07d9e0f63.tar.gz u-boot-0cd933bb4bd74084d942c42098ebf9e07d9e0f63.tar.bz2 | |
lib: rsa: fix padding_pss_verify
Check the that the hash length is shorter than the message length. This
avoids:
./tools/../lib/rsa/rsa-verify.c:275:11: warning:
‘*db’ may be used uninitialized [-Wmaybe-uninitialized]
275 | db[0] &= 0xff >> leftmost_bits;
Fixes: 061daa0b61f0 ("rsa: add support of padding pss")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/rsa')
| -rw-r--r-- | lib/rsa/rsa-verify.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 1d95cfb..9605c37 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -215,6 +215,8 @@ out: * @msg_len: Message length * @hash: Pointer to the expected hash * @hash_len: Length of the hash + * + * Return: 0 if padding is correct, non-zero otherwise */ int padding_pss_verify(struct image_sign_info *info, const uint8_t *msg, int msg_len, @@ -234,6 +236,9 @@ int padding_pss_verify(struct image_sign_info *info, uint8_t leftmost_mask; struct checksum_algo *checksum = info->checksum; + if (db_len <= 0) + return -EINVAL; + /* first, allocate everything */ db_mask = malloc(db_len); db = malloc(db_len); |