[PATCH] ecdsa: Avoid null pointer crash in ecdsa-verify due to absent property

If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return.

Signed-off-by: Bob Wolff bob.wolff68@gmail.com
---
lib/ecdsa/ecdsa-verify.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c index 0601700c4f..01ffc3477c 100644 --- a/lib/ecdsa/ecdsa-verify.c +++ b/lib/ecdsa/ecdsa-verify.c @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) int x_len, y_len;
key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); + if (!key->curve_name) { + printf("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n"); + return -ENOMSG; + } + key->size_bits = ecdsa_key_size(key->curve_name); if (key->size_bits == 0) { debug("Unknown ECDSA curve '%s'", key->curve_name); -- 2.39.3 (Apple Git-145)
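
Review bot: In fdt_get_key(), the added NULL check covers a missing 'ecdsa,curve' property, but fdt_getprop() is still called with a NULL length pointer, so nothing confirms the property value is a NUL-terminated string before it is passed to ecdsa_key_size() and to the '%s' in the debug() that follows. Consider passing an int for the length argument and, in the same branch, rejecting a value that is empty or whose last byte is not '\0'. The new message is also an unconditional printf() on a single very long line, while the neighbouring "Unknown ECDSA curve" message uses debug(); using debug() with a shorter string would keep the verify path quiet when a non-ECDSA key node is probed, which the commit message describes as an expected situation with mixed rsa and ecdsa keys.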

Hi Bob,
On 2/21/24 19:27, Bob Wolff wrote:
If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return.
You can wrap commit messages at 75 characters
Signed-off-by: Bob Wolff bob.wolff68@gmail.com
lib/ecdsa/ecdsa-verify.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c index 0601700c4f..01ffc3477c 100644 --- a/lib/ecdsa/ecdsa-verify.c +++ b/lib/ecdsa/ecdsa-verify.c @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) int x_len, y_len;
key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
- if (!key->curve_name) {
- printf("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely
not an ecdsa key.\n");
this should probably be a debug (like the below message)
- return -ENOMSG;
- }
and it looks like something ate your indentation
--Sean
key->size_bits = ecdsa_key_size(key->curve_name); if (key->size_bits == 0) { debug("Unknown ECDSA curve '%s'", key->curve_name); -- 2.39.3 (Apple Git-145)
Participants (2): Bob Wolff, Sean Anderson