leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lib: rsa: check algo match in rsa_verify_with_keynode

Browse Source 
The algo name should match between the FIT's signature node and the
U-Boot's control FDT.

If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.

Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
This commit is contained in:
Matthieu CASTET 2020-09-23 19:11:44 +02:00 committed by Tom Rini
parent 54ab7cf1dd
commit 167fb1f8dc
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/rsa/rsa-verify.c
View File

@ -439,12 +439,17 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
struct key_prop prop;
int length;
int ret = 0;
const char *algo;
if (node < 0) {
debug("%s: Skipping invalid node", __func__);
return -EBADF;
}
algo = fdt_getprop(blob, node, "algo", NULL);
if (strcmp(info->name, algo))
return -EFAULT;
prop.num_bits = fdtdec_get_int(blob, node, "rsa,num-bits", 0);
prop.n0inv = fdtdec_get_int(blob, node, "rsa,n0-inverse", 0);