bootutil: ecdsa P-256: Fix handling of sizes
The ECDSA signature is written as two DER-encoded INTEGERS.  Although
the values are always 256 bits, the encoding ends up being variable
length, because the encoding is signed, and therefore needs an extra
zero byte to keep the number positive.  This means that the length can
vary by up to two bytes.

The 'newt' tool handles this for signatures by allowing space for the
largest encoding, and padding with one or two zeros.  However, the
bootutil image check code insists that the length is exact, resulting in
a decoding error on about 3/4 of signatures.

Fix this by only verifying that we have at least enough payload to hold
the signature.  There are later checks that will fail if the integers
themselves are too large.
d3zd3z committed Feb 2, 2017
1 parent f8a8bb9 commit baff96f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion boot/bootutil/src/image_ec256.c
Expand Up @@ -122,7 +122,7 @@ tinycrypt_decode_sig(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS],
if (rc) {
return -1;
}
if (cp + len != end) {
if (cp + len > end) {
return -2;
}
rc = tinycrypt_read_bigint(r, &cp, end);
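Review bot: the relaxed bound `if (cp + len > end)` accepts any trailing bytes between the end of the DER SEQUENCE and `end`, not only the one or two zero bytes of padding the commit message attributes to newt; add a one-line comment at this check saying that padding is why `>` is used instead of `!=`, and consider also rejecting non-zero slack bytes so trailing garbage fails here rather than being silently ignored. Separately, if `len` comes from the encoded length field, writing the check as `len > (size_t)(end - cp)` avoids forming the pointer `cp + len` past the buffer when `len` is oversized.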