From: Lucas Dietrich <ld.adecy@gmail.com>
Date: Mon, 7 Jul 2025 15:55:50 +0000 (+0200)
Subject: ecdsa: fix segfault in mkimage when "-r" option is not set
X-Git-Tag: v2025.10-rc1~70
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6a269b7fdefe3edc60a6218f1402f17206644628;p=thirdparty%2Fu-boot.git

ecdsa: fix segfault in mkimage when "-r" option is not set

Fix a segmentation fault in the ECDSA signing logic of `mkimage`
that occurs when the "-r" option is not specified.

This reproduces the logic in `lib/rsa/rsa-sign.c` by checking if
`info->require_keys` is non-null before passing it to
`fdt_setprop_string()`.

Signed-off-by: Lucas Dietrich <lucas.dietrich.git@proton.me>
---

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 7415d685ee1..c4bfb2cec61 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -519,10 +519,12 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name,
 	if (ret < 0)
 		return ret;
 
-	ret = fdt_setprop_string(fdt, key_node, FIT_KEY_REQUIRED,
-				 info->require_keys);
-	if (ret < 0)
-		return ret;
+	if (info->require_keys) {
+		ret = fdt_setprop_string(fdt, key_node, FIT_KEY_REQUIRED,
+					 info->require_keys);
+		if (ret < 0)
+			return ret;
+	}
 
 	return key_node;
 }