diff options
author | Stefan Berger <stefanb@linux.ibm.com> | 2024-06-13 23:38:20 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2024-06-16 07:41:53 +0200 |
commit | 1dcf865d3bf5bff45e93cb2410911b3428dacb78 (patch) | |
tree | 95dccb50120a3e8ef9adfd1842c900660fea19e1 /crypto | |
parent | crypto: ecc - Add comment to ecc_digits_from_bytes about input byte array (diff) | |
download | linux-1dcf865d3bf5bff45e93cb2410911b3428dacb78.tar.xz linux-1dcf865d3bf5bff45e93cb2410911b3428dacb78.zip |
crypto: ecc - Fix off-by-one missing to clear most significant digit
Fix an off-by-one error where the most significant digit was not
initialized leading to signature verification failures by the testmgr.
Example: If a curve requires ndigits (=9) and diff (=2) indicates that
2 digits need to be set to zero then start with digit 'ndigits - diff' (=7)
and clear 'diff' digits starting from there, so 7 and 8.
Reported-by: Venkat Rao Bagalkote <venkat88@linux.vnet.ibm.com>
Closes: https://lore.kernel.org/linux-crypto/619bc2de-b18a-4939-a652-9ca886bf6349@linux.ibm.com/T/#m045d8812409ce233c17fcdb8b88b6629c671f9f4
Fixes: 2fd2a82ccbfc ("crypto: ecdsa - Use ecc_digits_from_bytes to create hash digits array")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Venkat Rao Bagalkote <venkat88@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ecc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ecc.c b/crypto/ecc.c index af698f8852fb..420decdad7d9 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -78,7 +78,7 @@ void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes, /* diff > 0: not enough input bytes: set most significant digits to 0 */ if (diff > 0) { ndigits -= diff; - memset(&out[ndigits - 1], 0, diff * sizeof(u64)); + memset(&out[ndigits], 0, diff * sizeof(u64)); } if (o) { |