[PATCH] ecdsa: fix segfault in mkimage when "-r" option is not set

Lucas Dietrich Mon, 07 Jul 2025 13:10:32 -0700

Fix a segmentation fault in the ECDSA signing logic of `mkimage`
that occurs when the "-r" option is not specified.


This reproduces the logic in `lib/rsa/rsa-sign.c` by checking if
`info->require_keys` is non-null before passing it to
`fdt_setprop_string()`.

Signed-off-by: Lucas Dietrich <lucas.dietrich....@proton.me>
---
 lib/ecdsa/ecdsa-libcrypto.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index f0095e9dbcf..f48df2b870f 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -345,10 +345,12 @@ static int do_add(struct signer *ctx, void *fdt, const 
char *key_node_name,
        if (ret < 0)
                return ret;
 
-       ret = fdt_setprop_string(fdt, key_node, FIT_KEY_REQUIRED,
-                                info->require_keys);
-       if (ret < 0)
-               return ret;
+       if (info->require_keys) {
+               ret = fdt_setprop_string(fdt, key_node, FIT_KEY_REQUIRED,
+                                        info->require_keys);
+               if (ret < 0)
+                       return ret;
+       }
 
        return key_node;
 }
-- 
2.39.5

[PATCH] ecdsa: fix segfault in mkimage when "-r" option is not set

Reply via email to