* [PATCH] lib: rsa: Add debug message on algo mismatch
@ 2021-02-16 16:40 Sean Anderson
2021-02-16 17:01 ` Wolfgang Denk
2021-02-25 13:29 ` Tom Rini
0 siblings, 2 replies; 5+ messages in thread
From: Sean Anderson @ 2021-02-16 16:40 UTC (permalink / raw)
To: u-boot
Currently we fail silently if there is an algorithm mismatch. To help
distinguish this failure condition.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
---
lib/rsa/rsa-verify.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index e34d3293d1..aee76f42d5 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -447,8 +447,11 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
}
algo = fdt_getprop(blob, node, "algo", NULL);
- if (strcmp(info->name, algo))
+ if (strcmp(info->name, algo)) {
+ debug("%s: Wrong algo: have %s, expected %s", __func__,
+ info->name, algo);
return -EFAULT;
+ }
prop.num_bits = fdtdec_get_int(blob, node, "rsa,num-bits", 0);
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH] lib: rsa: Add debug message on algo mismatch
2021-02-16 16:40 [PATCH] lib: rsa: Add debug message on algo mismatch Sean Anderson
@ 2021-02-16 17:01 ` Wolfgang Denk
2021-02-16 17:05 ` Sean Anderson
2021-02-25 13:29 ` Tom Rini
1 sibling, 1 reply; 5+ messages in thread
From: Wolfgang Denk @ 2021-02-16 17:01 UTC (permalink / raw)
To: u-boot
Dear Sean Anderson,
In message <20210216164016.635125-1-sean.anderson@seco.com> you wrote:
> Currently we fail silently if there is an algorithm mismatch. To help
> distinguish this failure condition.
>
> Signed-off-by: Sean Anderson <sean.anderson@seco.com>
> ---
>
> lib/rsa/rsa-verify.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> index e34d3293d1..aee76f42d5 100644
> --- a/lib/rsa/rsa-verify.c
> +++ b/lib/rsa/rsa-verify.c
> @@ -447,8 +447,11 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
> }
>
> algo = fdt_getprop(blob, node, "algo", NULL);
> - if (strcmp(info->name, algo))
> + if (strcmp(info->name, algo)) {
> + debug("%s: Wrong algo: have %s, expected %s", __func__,
> + info->name, algo);
> return -EFAULT;
> + }
If this is considered an error, should that not be a printf() then
instead of a debug() which users will never see?
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
It is impractical for the standard to attempt to constrain the
behavior of code that does not obey the constraints of the standard.
- Doug Gwyn
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] lib: rsa: Add debug message on algo mismatch
2021-02-16 17:01 ` Wolfgang Denk
@ 2021-02-16 17:05 ` Sean Anderson
2021-02-17 2:45 ` Simon Glass
0 siblings, 1 reply; 5+ messages in thread
From: Sean Anderson @ 2021-02-16 17:05 UTC (permalink / raw)
To: u-boot
On 2/16/21 12:01 PM, Wolfgang Denk wrote:
> Dear Sean Anderson,
>
> In message <20210216164016.635125-1-sean.anderson@seco.com> you wrote:
>> Currently we fail silently if there is an algorithm mismatch. To help
>> distinguish this failure condition.
>>
>> Signed-off-by: Sean Anderson <sean.anderson@seco.com>
>> ---
>>
>> lib/rsa/rsa-verify.c | 5 ++++-
>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
>> index e34d3293d1..aee76f42d5 100644
>> --- a/lib/rsa/rsa-verify.c
>> +++ b/lib/rsa/rsa-verify.c
>> @@ -447,8 +447,11 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
>> }
>>
>> algo = fdt_getprop(blob, node, "algo", NULL);
>> - if (strcmp(info->name, algo))
>> + if (strcmp(info->name, algo)) {
>> + debug("%s: Wrong algo: have %s, expected %s", __func__,
>> + info->name, algo);
>> return -EFAULT;
>> + }
>
> If this is considered an error, should that not be a printf() then
> instead of a debug() which users will never see?
I also thought that, but the much of the rest of this file also uses
debug() to report errors. Perhaps there are security implications? Or
perhaps it was done to reduce binary size? Simon, can you comment on
this?
--Sean
>
> Best regards,
>
> Wolfgang Denk
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] lib: rsa: Add debug message on algo mismatch
2021-02-16 17:05 ` Sean Anderson
@ 2021-02-17 2:45 ` Simon Glass
0 siblings, 0 replies; 5+ messages in thread
From: Simon Glass @ 2021-02-17 2:45 UTC (permalink / raw)
To: u-boot
Hi Sean,
On Tue, 16 Feb 2021 at 10:05, Sean Anderson <sean.anderson@seco.com> wrote:
>
>
>
> On 2/16/21 12:01 PM, Wolfgang Denk wrote:
> > Dear Sean Anderson,
> >
> > In message <20210216164016.635125-1-sean.anderson@seco.com> you wrote:
> >> Currently we fail silently if there is an algorithm mismatch. To help
> >> distinguish this failure condition.
> >>
> >> Signed-off-by: Sean Anderson <sean.anderson@seco.com>
> >> ---
> >>
> >> lib/rsa/rsa-verify.c | 5 ++++-
> >> 1 file changed, 4 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> >> index e34d3293d1..aee76f42d5 100644
> >> --- a/lib/rsa/rsa-verify.c
> >> +++ b/lib/rsa/rsa-verify.c
> >> @@ -447,8 +447,11 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
> >> }
> >>
> >> algo = fdt_getprop(blob, node, "algo", NULL);
> >> - if (strcmp(info->name, algo))
> >> + if (strcmp(info->name, algo)) {
> >> + debug("%s: Wrong algo: have %s, expected %s", __func__,
> >> + info->name, algo);
> >> return -EFAULT;
> >> + }
> >
> > If this is considered an error, should that not be a printf() then
> > instead of a debug() which users will never see?
>
> I also thought that, but the much of the rest of this file also uses
> debug() to report errors. Perhaps there are security implications? Or
> perhaps it was done to reduce binary size? Simon, can you comment on
> this?
In general should not print messages in the bowels of the code, since
then there is no way to control what is printed. So long as the error
is produced it can be reported and propagated up, and you can document
what the different error codes mean. It also bloats the code to
include strings everywhere.
I suggest adding logging around the return value as it makes it easy
to trace things:
CONFIG_LOG_ERROR_RETURN=y
and return the error with:
return log_msg_ret("algo", -EFAULT)
Regards,
Simon
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] lib: rsa: Add debug message on algo mismatch
2021-02-16 16:40 [PATCH] lib: rsa: Add debug message on algo mismatch Sean Anderson
2021-02-16 17:01 ` Wolfgang Denk
@ 2021-02-25 13:29 ` Tom Rini
1 sibling, 0 replies; 5+ messages in thread
From: Tom Rini @ 2021-02-25 13:29 UTC (permalink / raw)
To: u-boot
On Tue, Feb 16, 2021 at 11:40:15AM -0500, Sean Anderson wrote:
> Currently we fail silently if there is an algorithm mismatch. To help
> distinguish this failure condition.
>
> Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210225/d31f8c43/attachment.sig>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-02-25 13:29 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-16 16:40 [PATCH] lib: rsa: Add debug message on algo mismatch Sean Anderson
2021-02-16 17:01 ` Wolfgang Denk
2021-02-16 17:05 ` Sean Anderson
2021-02-17 2:45 ` Simon Glass
2021-02-25 13:29 ` Tom Rini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.