On Tue Mar 12, 2024 at 8:36 PM EET, Stefan Berger wrote: > From: Stefan Berger <stefanb@xxxxxxxxxxxxx> > > In preparation for support of NIST P521, adjust the basic tests on the > length of the provided key parameters to only ensure that the length of the > x plus y coordinates parameter array is not an odd number and that each > coordinate fits into an array of 'ndigits' digits. Mathematical tests on > the key's parameters are then done in ecc_is_pubkey_valid_full rejecting > invalid keys. > > The change is necessary since NIST P521 keys do not have keys with > coordinates that each fully require 'full' digits (= u64), unlike > NIST P192/256/384 that all require multiple 'full' digits. This sentence is not really comprehendable English sentence. Can you just write the rationale in understandable form? "fully require full digits (= u64)" is something totally alien to me tbh. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > Tested-by: Lukas Wunner <lukas@xxxxxxxxx> > --- > crypto/ecdsa.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c > index 6653dec17327..64e1e69d53ba 100644 > --- a/crypto/ecdsa.c > +++ b/crypto/ecdsa.c > @@ -230,7 +230,7 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig > if (ret < 0) > return ret; > > - if (keylen < 1 || (((keylen - 1) >> 1) % sizeof(u64)) != 0) > + if (keylen < 1 || ((keylen - 1) & 1) != 0) > return -EINVAL; > /* we only accept uncompressed format indicated by '4' */ > if (d[0] != 4) BR, Jarkko
