summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorStefan Berger <stefanb@linux.ibm.com>2024-05-30 01:08:26 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2024-06-07 13:46:39 +0200
commit2fd2a82ccbfc106aec314db6c4bda5e24fd32a22 (patch)
tree334d189cea46163530c96cb371f8c8502467a472 /crypto
parentcrypto: lib - add missing MODULE_DESCRIPTION() macros (diff)
downloadlinux-2fd2a82ccbfc106aec314db6c4bda5e24fd32a22.tar.xz
linux-2fd2a82ccbfc106aec314db6c4bda5e24fd32a22.zip
crypto: ecdsa - Use ecc_digits_from_bytes to create hash digits array
Since ecc_digits_from_bytes will provide zeros when an insufficient number of bytes are passed in the input byte array, use it to create the hash digits directly from the input byte array. This avoids going through an intermediate byte array (rawhash) that has the first few bytes filled with zeros. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/ecdsa.c17
1 files changed, 4 insertions, 13 deletions
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index 55114146ff84..daab3c2b87c1 100644
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -142,10 +142,8 @@ static int ecdsa_verify(struct akcipher_request *req)
struct ecdsa_signature_ctx sig_ctx = {
.curve = ctx->curve,
};
- u8 rawhash[ECC_MAX_BYTES];
u64 hash[ECC_MAX_DIGITS];
unsigned char *buffer;
- ssize_t diff;
int ret;
if (unlikely(!ctx->pub_key_set))
@@ -164,18 +162,11 @@ static int ecdsa_verify(struct akcipher_request *req)
if (ret < 0)
goto error;
- /* if the hash is shorter then we will add leading zeros to fit to ndigits */
- diff = bufsize - req->dst_len;
- if (diff >= 0) {
- if (diff)
- memset(rawhash, 0, diff);
- memcpy(&rawhash[diff], buffer + req->src_len, req->dst_len);
- } else if (diff < 0) {
- /* given hash is longer, we take the left-most bytes */
- memcpy(&rawhash, buffer + req->src_len, bufsize);
- }
+ if (bufsize > req->dst_len)
+ bufsize = req->dst_len;
- ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits);
+ ecc_digits_from_bytes(buffer + req->src_len, bufsize,
+ hash, ctx->curve->g.ndigits);
ret = _ecdsa_verify(ctx, hash, sig_ctx.r, sig_ctx.s);