crypto: ecdsa - Adjust tests on length of key parameters
In preparation for support of NIST P521, adjust the basic tests on the length of the provided key parameters to only ensure that the length of the x plus y coordinates parameter array is not an odd number and that each coordinate fits into an array of 'ndigits' digits. Mathematical tests on the key's parameters are then done in ecc_is_pubkey_valid_full rejecting invalid keys. The change is necessary since NIST P521 keys do not have keys with coordinates that each require 'full' digits (= all bits in u64 used). NIST P521 only requires 2 bytes (9 bits) in the most significant digit unlike NIST P192/256/384 that each require multiple 'full' digits. Tested-by: Lukas Wunner <lukas@wunner.de> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
d67c96fb97
commit
dcee6068d4
@ -230,7 +230,7 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
if (keylen < 1 || (((keylen - 1) >> 1) % sizeof(u64)) != 0)
|
||||
if (keylen < 1 || ((keylen - 1) & 1) != 0)
|
||||
return -EINVAL;
|
||||
/* we only accept uncompressed format indicated by '4' */
|
||||
if (d[0] != 4)
|
||||
|
Loading…
Reference in New Issue
Block a user