From fb7330545e08876e26dae155f6f6d6788e4a102e Mon Sep 17 00:00:00 2001 From: SESA644425 Date: Wed, 9 Mar 2022 01:27:16 -0800 Subject: [PATCH] lib: rsa: Leverage existing data buffer instead of systematic copy Prior to introduction of modifications in rsassa_pss functions related to padding verification, doing a pass to reduce memory consumption of function by replacing memory copies of parts of const buffer by pointers to the original buffer (masked_db and h are subparts of msg buffer which is declared const, salt is a subpart of db which is a working buffer, unmodified after being filled). New pointers scope is limited to the function where they are declared (not returned to caller by any mean), zeroing risk of memory fault related to the change. Signed-off-by: SESA644425 Reviewed-by: Simon Glass --- lib/rsa/rsa-verify.c | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index c2c7248f90..de71234cfb 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -208,6 +208,10 @@ out: * saltlen:-1 "set the salt length to the digest length" is currently * not supported. * + * msg is a concatenation of : masked_db + h + 0xbc + * Once unmasked, db is a concatenation of : [0x00]* + 0x01 + salt + * Length of 0-padding at begin of db depends on salt length. + * * @info: Specifies key and FIT information * @msg: byte array of message, len equal to msg_len * @msg_len: Message length @@ -218,27 +222,25 @@ int padding_pss_verify(struct image_sign_info *info, const uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len) { - uint8_t *masked_db = NULL; - int masked_db_len = msg_len - hash_len - 1; - uint8_t *h = NULL, *hprime = NULL; - int h_len = hash_len; + const uint8_t *masked_db = NULL; uint8_t *db_mask = NULL; - int db_mask_len = masked_db_len; - uint8_t *db = NULL, *salt = NULL; - int db_len = masked_db_len, salt_len = msg_len - hash_len - 2; + uint8_t *db = NULL; + int db_len = msg_len - hash_len - 1; + const uint8_t *h = NULL; + uint8_t *hprime = NULL; + int h_len = hash_len; + uint8_t *salt = NULL; + int salt_len = msg_len - hash_len - 2; uint8_t pad_zero[8] = { 0 }; int ret, i, leftmost_bits = 1; uint8_t leftmost_mask; struct checksum_algo *checksum = info->checksum; /* first, allocate everything */ - masked_db = malloc(masked_db_len); - h = malloc(h_len); - db_mask = malloc(db_mask_len); + db_mask = malloc(db_len); db = malloc(db_len); - salt = malloc(salt_len); hprime = malloc(hash_len); - if (!masked_db || !h || !db_mask || !db || !salt || !hprime) { + if (!db_mask || !db || !hprime) { printf("%s: can't allocate some buffer\n", __func__); ret = -ENOMEM; goto out; @@ -252,8 +254,8 @@ int padding_pss_verify(struct image_sign_info *info, } /* step 5 */ - memcpy(masked_db, msg, masked_db_len); - memcpy(h, msg + masked_db_len, h_len); + masked_db = &msg[0]; + h = &msg[db_len]; /* step 6 */ leftmost_mask = (0xff >> (8 - leftmost_bits)) << (8 - leftmost_bits); @@ -265,7 +267,7 @@ int padding_pss_verify(struct image_sign_info *info, } /* step 7 */ - mask_generation_function1(checksum, h, h_len, db_mask, db_mask_len); + mask_generation_function1(checksum, h, h_len, db_mask, db_len); /* step 8 */ for (i = 0; i < db_len; i++) @@ -283,7 +285,7 @@ int padding_pss_verify(struct image_sign_info *info, } /* step 11 */ - memcpy(salt, &db[1], salt_len); + salt = &db[1]; /* step 12 & 13 */ compute_hash_prime(checksum, pad_zero, 8, @@ -295,11 +297,8 @@ int padding_pss_verify(struct image_sign_info *info, out: free(hprime); - free(salt); free(db); free(db_mask); - free(h); - free(masked_db); return ret; } -- 2.39.5