Re: [PATCH] rsa: fix alignment issue when getting public exponent

Thu, 07 May 2020 06:07:00 -0700 

On Thu, May 07, 2020 at 09:10:17AM +0200, Jan Kiszka wrote:
> On 03.05.20 13:26, Heiko Stuebner wrote:
> > From: Heiko Stuebner <heiko.stueb...@theobroma-systems.com>
> > 
> > To fill the exponent field of the rsa_public_key struct, rsa_mod_exp_sw
> > did a cast to uint64_t of the key_prop->public_exponent field.
> > But that alignment is not guaranteed in all cases.
> > 
> > This came to light when in my spl-fit-signature the key-name exceeded
> > a certain length and with it the verification then started failing.
> > (naming it "integrity" worked fine, "integrity-uboot" failed)
> > 
> > key_prop.public_exponent itself is actually a void-pointer, fdt_getprop()
> > also just returns such a void-pointer and inside the devicetree the 64bit
> > exponent is represented as 2 32bit numbers, so assuming a 64bit alignment
> > can lead to false reads.
> > 
> > So just use the already existing rsa_convert_big_endian() to do the actual
> > conversion from the dt's big-endian to the needed uint64 value.
> > 
> > Fixes: fc2f4246b4b3 ("rsa: Split the rsa-verify to separate the modular 
> > exponentiation")
> > Signed-off-by: Heiko Stuebner <heiko.stueb...@theobroma-systems.com>
> > Reviewed-by: Philipp Tomsich <philipp.toms...@theobroma-systems.com>
> > Reviewed-by: Simon Glass <s...@chromium.org>
> > ---
> >   lib/rsa/rsa-mod-exp.c | 4 ++--
> >   1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/lib/rsa/rsa-mod-exp.c b/lib/rsa/rsa-mod-exp.c
> > index 420ab2eba0..62b2557cc2 100644
> > --- a/lib/rsa/rsa-mod-exp.c
> > +++ b/lib/rsa/rsa-mod-exp.c
> > @@ -262,8 +262,8 @@ int rsa_mod_exp_sw(const uint8_t *sig, uint32_t sig_len,
> >     if (!prop->public_exponent)
> >             key.exponent = RSA_DEFAULT_PUBEXP;
> >     else
> > -           key.exponent =
> > -                   fdt64_to_cpu(*((uint64_t *)(prop->public_exponent)));
> > +           rsa_convert_big_endian((uint32_t *)&key.exponent,
> > +                                  prop->public_exponent, 2);
> >     if (!key.len || !prop->modulus || !prop->rr) {
> >             debug("%s: Missing RSA key info", __func__);
> > 
> 
> Tested-by: Jan Kiszka <jan.kis...@siemens.com>
> 
> I debugged the same issue on our AM654x-based board where we do fit image
> verification in SPL. As there is apparently no unaligned access possible,
> this bit us as well. Obsoletes my own patch attempt.

And, blarg, I just put your tested-by on the mkimage revert and not this
bugfix, sorry!  I should go make coffee now...

-- 
Tom

Attachment: signature.asc
Description: PGP signature

Reply via email to