[PATCH v5 01/15] ecdsa: fix support of secp521r1

Wed Apr 22 02:11:36 CEST 2026

Hi Philippe,

On 2026-04-21T21:09:51, Philippe Reynes <philippe.reynes at softathome.com> wrote:
> ecdsa: fix support of secp521r1
>
> Current implementation of ecdsa only supports key len aligned on
> 8 bits. But the curve secp521r1 uses a key of 521 bits which is not
> aligned on 8 bits. In this commit, we update the keys management
> for ecdsa to support keys that are not aligned on 8 bits.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
>
> lib/ecdsa/ecdsa-libcrypto.c | 63 +++++++++++++++++++++++++++++++++++--
>  lib/ecdsa/ecdsa-verify.c    | 75 ++++++++++++++++++++++++++++++++++++++++-----
>  lib/fdt-libcrypto.c         |  2 +-
>  tools/image-sig-host.c      |  7 +++++
>  4 files changed, 137 insertions(+), 10 deletions(-)

> diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
> @@ -26,6 +26,8 @@
> +#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

DIV_ROUND_UP is already defined in include/linux/kernel.h. Please can
you include that header instead.

> diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
> @@ -41,10 +43,26 @@ struct ecdsa_public_key {
> +static char *memdup(char *buf, size_t size)
> +{
> +     char *dup;
> +
> +     dup = malloc(size);
> +     if (dup)
> +             memcpy(dup, buf, size);
> +
> +     return dup;
> +}

A global memdup() exists in lib/string.c (declared in
include/linux/string.h). Please can you use that instead to avoid
conflicts.

> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> @@ -73,11 +111,16 @@ static int ecdsa_verify_hash(struct udevice *dev,
>       if (info->required_keynode > 0) {
>               ret = fdt_get_key(&key, info->fdt_blob, info->required_keynode);
> -             if (ret < 0)
> +             if (ret < 0) {
> +                     fdt_free_key(&key);
>                       return ret;
> +             }

Calling fdt_free_key() after fdt_get_key() fails is unnecessary. When
fdt_get_key() returns early, key->x and key->y may be uninitialised.
Please can you remove the fdt_free_key() call in this error path.

> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> @@ -87,15 +130,21 @@ static int ecdsa_verify_hash(struct udevice *dev,
>       fdt_for_each_subnode(key_node, info->fdt_blob, sig_node) {
>               ret = fdt_get_key(&key, info->fdt_blob, key_node);
> -             if (ret < 0)
> +             if (ret < 0) {
> +                     fdt_free_key(&key);
>                       continue;
> +             }

Same issue here.

> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> @@ -135,6 +184,18 @@ U_BOOT_CRYPTO_ALGO(ecdsa384) = {
> +U_BOOT_CRYPTO_ALGO(secp521r1) = {
> +     .name = 'secp521r1',
> +     .key_len = ECDSA521_BYTES,
> +     .verify = ecdsa_verify,
> +};

Just to check — why add secp521r1 as an alias for ecdsa521 but not
secp256r1/secp384r1 for the other curves?

Regards,
Simon