[PATCH] rsa: fix alignment issue when getting public exponent

Heiko Stuebner heiko at sntech.de
Sun May 3 13:26:34 CEST 2020

From: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>

To fill the exponent field of the rsa_public_key struct, rsa_mod_exp_sw
did a cast to uint64_t of the key_prop->public_exponent field.
But that alignment is not guaranteed in all cases.

This came to light when in my spl-fit-signature the key-name exceeded
a certain length and with it the verification then started failing.
(naming it "integrity" worked fine, "integrity-uboot" failed)

key_prop.public_exponent itself is actually a void-pointer, fdt_getprop()
also just returns such a void-pointer and inside the devicetree the 64bit
exponent is represented as 2 32bit numbers, so assuming a 64bit alignment
can lead to false reads.

So just use the already existing rsa_convert_big_endian() to do the actual
conversion from the dt's big-endian to the needed uint64 value.

Fixes: fc2f4246b4b3 ("rsa: Split the rsa-verify to separate the modular exponentiation")
Signed-off-by: Heiko Stuebner <heiko.stuebner at theobroma-systems.com>
 lib/rsa/rsa-mod-exp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/rsa/rsa-mod-exp.c b/lib/rsa/rsa-mod-exp.c
index 420ab2eba0..62b2557cc2 100644
--- a/lib/rsa/rsa-mod-exp.c
+++ b/lib/rsa/rsa-mod-exp.c
@@ -262,8 +262,8 @@ int rsa_mod_exp_sw(const uint8_t *sig, uint32_t sig_len,
 	if (!prop->public_exponent)
 		key.exponent = RSA_DEFAULT_PUBEXP;
-		key.exponent =
-			fdt64_to_cpu(*((uint64_t *)(prop->public_exponent)));
+		rsa_convert_big_endian((uint32_t *)&key.exponent,
+				       prop->public_exponent, 2);
 	if (!key.len || !prop->modulus || !prop->rr) {
 		debug("%s: Missing RSA key info", __func__);

More information about the U-Boot mailing list