lib: rsa: fix padding_pss_verify Check the that the hash length is shorter than the message length. This avoids: ./tools/../lib/rsa/rsa-verify.c:275:11: warning: ‘*db’ may be used uninitialized [-Wmaybe-uninitialized] 275 | db[0] &= 0xff >> leftmost_bits; Fixes: 061daa0b61f0 ("rsa: add support of padding pss") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org>

commit: df5117a6ebcbd639917aa454ea774522c6ec7b84 [log] [tgz]
author: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Wed Aug 31 21:13:40 2022 +0200
committer: Tom Rini <trini@konsulko.com> Thu Sep 15 09:57:11 2022 -0400
tree: f3f4c2a9d5d19e8b548ce6ed98fbd5610d30bdd7
parent: 5d5efec2dd38d82b53015b8332ad54f162c8a55a [diff]
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 1d95cfb..9605c37 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c

@@ -215,6 +215,8 @@
  * @msg_len:	Message length
  * @hash:	Pointer to the expected hash
  * @hash_len:	Length of the hash
+ *
+ * Return:	0 if padding is correct, non-zero otherwise
  */
 int padding_pss_verify(struct image_sign_info *info,
 		       const uint8_t *msg, int msg_len,
@@ -234,6 +236,9 @@
 	uint8_t leftmost_mask;
 	struct checksum_algo *checksum = info->checksum;
 
+	if (db_len <= 0)
+		return -EINVAL;
+
 	/* first, allocate everything */
 	db_mask = malloc(db_len);
 	db = malloc(db_len);
commit	df5117a6ebcbd639917aa454ea774522c6ec7b84	[log] [tgz]
author	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Wed Aug 31 21:13:40 2022 +0200
committer	Tom Rini <trini@konsulko.com>	Thu Sep 15 09:57:11 2022 -0400
tree	f3f4c2a9d5d19e8b548ce6ed98fbd5610d30bdd7
parent	5d5efec2dd38d82b53015b8332ad54f162c8a55a [diff]