[PATCH 1/3] keytoc: check for memory allocation failures

[PATCH 1/3] keytoc: check for memory allocation failures

[Ahmad Fatoum]

System headers may mark asprintf with an attribute requiring that the
result isn't used unchecked. Add the check and check the malloc() return
code as well for good measure.

Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 scripts/keytoc.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/scripts/keytoc.c b/scripts/keytoc.c
index d5c8aa2e1216..c60df8a5f017 100644
--- a/scripts/keytoc.c
+++ b/scripts/keytoc.c
@@ -28,6 +28,12 @@
 
 static int dts, standalone;
 
+static void enomem_exit(const char *func)
+{
+	fprintf(stderr, "%s: Out of memory\n", func);
+	exit(2);
+}
+
 static int openssl_error(const char *fmt, ...)
 {
 	va_list va;
@@ -351,6 +357,8 @@ static int print_bignum(BIGNUM *num, int num_bits, int width)
 	BN_exp(big2_32, big2, big32, ctx); /* B = 2^width */
 
 	arr = malloc(num_bits / width * sizeof(*arr));
+	if (!arr)
+		enomem_exit("malloc");
 
 	for (i = 0; i < num_bits / width; i++) {
 		BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */
@@ -679,7 +687,9 @@ int main(int argc, char *argv[])
 		}
 
 		if (!keyname) {
-			asprintf(&freep, "key_%d", keynum++);
+			ret = asprintf(&freep, "key_%d", keynum++);
+			if (ret < 0)
+				enomem_exit("asprintf");
 			keyname = freep;
 		}
 
-- 
2.39.5

[PATCH 2/3] crypto: fix compile with empty CONFIG_CRYPTO_PUBLIC_KEYS

[Ahmad Fatoum]

This currently results in an error message from keytoc when there are no
keys to convert into C. This breaks make allyesconfig, so workaround
that by allowing the symbol to be empty and generating an empty header
in that case.

Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 crypto/Makefile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/Makefile b/crypto/Makefile
index aa8cd21e1d5d..0354e4568373 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -33,7 +33,13 @@ $(obj)/public-keys.o: $(obj)/public-keys.h
 CONFIG_CRYPTO_PUBLIC_KEYS := $(shell echo $(CONFIG_CRYPTO_PUBLIC_KEYS))
 CONFIG_CRYPTO_PUBLIC_KEYS := $(foreach d,$(CONFIG_CRYPTO_PUBLIC_KEYS),"$(d)")
 
+filechk_public_keys_dummy = echo
+
 $(obj)/public-keys.h: FORCE
+ifdef CONFIG_CRYPTO_PUBLIC_KEYS
 	$(call cmd,public_keys,$(CONFIG_CRYPTO_PUBLIC_KEYS))
+else
+	$(call filechk,public_keys_dummy)
+endif
 
 endif
-- 
2.39.5

[PATCH 3/3] FIT: add dependency on CRYPTO_BUILTIN_KEYS for signature verification

[Ahmad Fatoum]

FITIMAGE_SIGNATURE adds references to symbols that are only defined when
CRYPTO_BUILTIN_KEYS is defined. Fix this by adding the missing select.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 common/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/common/Kconfig b/common/Kconfig
index aca44ff28b36..859356038386 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -63,6 +63,7 @@ config FITIMAGE
 
 config FITIMAGE_SIGNATURE
 	bool
+	select CRYPTO_BUILTIN_KEYS
 
 config LOGBUF
 	bool
-- 
2.39.5

Re: [PATCH 1/3] keytoc: check for memory allocation failures

[Sascha Hauer]

On Mon, 14 Oct 2024 13:52:11 +0200, Ahmad Fatoum wrote:
> System headers may mark asprintf with an attribute requiring that the
> result isn't used unchecked. Add the check and check the malloc() return
> code as well for good measure.
> 
> 

Applied, thanks!

[1/3] keytoc: check for memory allocation failures
      https://git.pengutronix.de/cgit/barebox/commit/?id=7607389f52a2 (link may not be stable)
[2/3] crypto: fix compile with empty CONFIG_CRYPTO_PUBLIC_KEYS
      https://git.pengutronix.de/cgit/barebox/commit/?id=543df8c88ded (link may not be stable)
[3/3] FIT: add dependency on CRYPTO_BUILTIN_KEYS for signature verification
      https://git.pengutronix.de/cgit/barebox/commit/?id=4a60caf7963f (link may not be stable)

Best regards,
-- 
Sascha Hauer <s.hauer@pengutronix.de>