[PATCH v4 05/14] ecdsa: fix support of secp521r1

Simon Glass sjg at chromium.org
Mon Apr 20 04:11:51 CEST 2026 

Hi Philippe,

On 2026-04-17T13:02:04, Philippe Reynes <philippe.reynes at softathome.com> wrote:
> ecdsa: fix support of secp521r1
>
> Current implementation of ecdsa only supports key len aligned on
> 8 bits. But the curve secp521r1 uses a key of 521 bits which is not
> aligned on 8 bits. In this commit, we update the keys management
> for ecdsa to support keys that are not aligned on 8 bits.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
>
> lib/ecdsa/ecdsa-libcrypto.c | 54 ++++++++++++++++++++++++++++++++++++--
>  lib/ecdsa/ecdsa-verify.c    | 64 ++++++++++++++++++++++++++++++++++++++++-----
>  lib/fdt-libcrypto.c         |  2 +-
>  tools/image-sig-host.c      |  7 +++++
>  4 files changed, 117 insertions(+), 10 deletions(-)

> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> @@ -87,15 +121,19 @@ static int ecdsa_verify_hash(struct udevice *dev,
> +             ret = ops->verify(dev, &key, hash, algo->checksum_len,
> +                               sig, sig_len);
> +
> +             /* On success, don't worry about remaining keys */
> +             if (!ret) {
> +                     fdt_free_key(&key);
> +                     return 0;
> +             }
> +     }

When ops->verify() returns non-zero, the loop continues but does not
call fdt_free_key(), leaking memory allocated by memdup() for each
failed attempt. Please can you add fdt_free_key(&key) for the failure
case.

> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> @@ -50,15 +57,37 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
> +     x = memdup((char *)key->x + (x_len - expected_len), expected_len);
> +     key->x = (const uint8_t *)x;
> +
> +     y = memdup((char *)key->y + (y_len - expected_len), expected_len);
> +     key->y = (const uint8_t *)y;

The memdup() calls are not checked for allocation failure. If x
succeeds but y fails, x is leaked. Please can you check return values
and return -ENOMEM on failure.

> diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
> @@ -63,12 +83,34 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
> +     x = memdup((char *)key->x + (x_len - expected_len), expected_len);
> +     key->x = (const uint8_t *)x;
> +
> +     y = memdup((char *)key->y + (y_len - expected_len), expected_len);
> +     key->y = (const uint8_t *)y;

Same issue here - missing error handling for memdup() failures.

Regards,
Simon

More information about the U-Boot mailing list