On Wed Mar 20, 2024 at 1:47 PM EET, Stefan Berger wrote: > In preparation for support of NIST P521, adjust the basic tests on the > length of the provided key parameters to only ensure that the length of the > x plus y coordinates parameter array is not an odd number and that each > coordinate fits into an array of 'ndigits' digits. Mathematical tests on > the key's parameters are then done in ecc_is_pubkey_valid_full rejecting > invalid keys. > > The change is necessary since NIST P521 keys do not have keys with > coordinates that each require 'full' digits (= all bits in u64 used). > NIST P521 only requires 2 bytes (9 bits) in the most significant digit > unlike NIST P192/256/384 that each require multiple 'full' digits. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > Tested-by: Lukas Wunner <lukas@xxxxxxxxx> > --- > crypto/ecdsa.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c > index 6653dec17327..64e1e69d53ba 100644 > --- a/crypto/ecdsa.c > +++ b/crypto/ecdsa.c > @@ -230,7 +230,7 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig > if (ret < 0) > return ret; > > - if (keylen < 1 || (((keylen - 1) >> 1) % sizeof(u64)) != 0) > + if (keylen < 1 || ((keylen - 1) & 1) != 0) > return -EINVAL; > /* we only accept uncompressed format indicated by '4' */ > if (d[0] != 4) Had to write this down to the paper to fully get it but yeah makes sense (especially since I just truncated 4 KiB blocks to 1 KiB in my doc update :-)) but yeah seems to be correct: Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> I guess that in this case I can give also tested-by since I actually did test the formula (on paper): Tested-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> As in general for tested-by's for patches I've sent or seen in circulation there's bunch of convetions I've encountered so I do agree that it is up to Herbert to decide the correct one. BR, Jarkko
