From: Jonas Rebmann <jre@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
"open list:BAREBOX" <barebox@lists.infradead.org>
Cc: Lukas Wunner <lukas@wunner.de>,
Ahmad Fatoum <a.fatoum@pengutronix.de>,
Jonas Rebmann <jre@pengutronix.de>,
Stefan Berger <stefanb@linux.ibm.com>,
Venkat Rao Bagalkote <venkat88@linux.vnet.ibm.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 2/4] crypto: ecc - Fix off-by-one missing to clear most significant digit
Date: Mon, 18 May 2026 09:56:14 +0200
Message-ID: <20260518-barebox-port-ecc-v1-2-25509bd37030@pengutronix.de>
In-Reply-To: <20260518-barebox-port-ecc-v1-0-25509bd37030@pengutronix.de>

From: Stefan Berger <stefanb@linux.ibm.com>

Fix an off-by-one error where the most significant digit was not
initialized leading to signature verification failures by the testmgr.

Example: If a curve requires ndigits (=9) and diff (=2) indicates that
2 digits need to be set to zero then start with digit 'ndigits - diff' (=7)
and clear 'diff' digits starting from there, so 7 and 8.

Reported-by: Venkat Rao Bagalkote <venkat88@linux.vnet.ibm.com>
Closes: https://lore.kernel.org/linux-crypto/619bc2de-b18a-4939-a652-9ca886bf6349@linux.ibm.com/T/#m045d8812409ce233c17fcdb8b88b6629c671f9f4
Fixes: 2fd2a82ccbfc ("crypto: ecdsa - Use ecc_digits_from_bytes to create hash digits array")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Venkat Rao Bagalkote <venkat88@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from linux commit 1dcf865d3bf5bff45e93cb2410911b3428dacb78)
Reported-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
crypto/ecc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 77068ebfbd..01003d8a38 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1,4 +1,4 @@
-// SPDX-Comment: Origin-URL: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/crypto/ecc.c?id=c6ab5c915da460c0397960af3c308386c3f3247b
+// SPDX-Comment: Origin-URL: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/crypto/ecc.c?id=1dcf865d3bf5bff45e93cb2410911b3428dacb78
/*
* Copyright (c) 2013, 2014 Kenneth MacKay. All rights reserved.
* Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
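Review bot: the Origin-URL on the first line of crypto/ecc.c is bumped from c6ab5c915da4 to 1dcf865d3bf5, the id of the cherry-picked commit, which reads as a claim that the whole file now tracks the kernel tree at that revision, while the commit message documents only this single cherry-pick. Suggest stating in the message either that no other upstream changes to ecc.c lie between the two revisions, or which ones are intentionally left out, so a later resync can trust the marker.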
@@ -66,7 +66,7 @@ void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
/* diff > 0: not enough input bytes: set most significant digits to 0 */
if (diff > 0) {
ndigits -= diff;
- memset(&out[ndigits - 1], 0, diff * sizeof(u64));
+ memset(&out[ndigits], 0, diff * sizeof(u64));
}
if (o) {
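Review bot: in the `if (diff > 0)` block the memset start index is only correct because `ndigits` has already been reduced by `diff` on the line above, and that reuse of the parameter as "digits still to fill from input" is what allowed the stray `- 1` to go unnoticed. A short comment stating the zeroed range, out[ndigits] through out[ndigits + diff - 1] (digits 7 and 8 in the commit message example), would document the invariant without diverging from the upstream code. Since the failure mode is an uninitialized most significant digit feeding signature verification, it is also worth noting in the series whether barebox has a self-test that exercises an input shorter than the curve size, as the upstream bug was caught by testmgr rather than by review.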
--
2.54.0.129.g3edf2eeba9
Thread overview:
2026-05-18 7:56 [PATCH 0/4] crypto: Port ecc.c fixes from kernel Jonas Rebmann
2026-05-18 7:56 ` [PATCH 1/4] crypto: ecc: Add Origin-URL to document kernel revision Jonas Rebmann
2026-05-18 7:56 ` Jonas Rebmann [this message]
2026-05-18 7:56 ` [PATCH 3/4] crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Jonas Rebmann
2026-05-18 7:56 ` [PATCH 4/4] crypto: ecc - Streamline alloc_point and remove {alloc,free}_digits_space Jonas Rebmann
2026-05-18 13:25 ` [PATCH 0/4] crypto: Port ecc.c fixes from kernel Sascha Hauer