Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2198146/?format=api
{ "id": 2198146, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2198146/?format=api", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.0/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260219132552.1499698-6-philippe.reynes@softathome.com>", "date": "2026-02-19T13:25:48", "name": "[RFC,v2,5/9] ecdsa: fix support of secp521r1", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "0eb8655810792d6168ea19a0608d2ec408aff009", "submitter": { "id": 74351, "url": "http://patchwork.ozlabs.org/api/1.0/people/74351/?format=api", "name": "Philippe Reynes", "email": "philippe.reynes@softathome.com" }, "delegate": { "id": 161313, "url": "http://patchwork.ozlabs.org/api/1.0/users/161313/?format=api", "username": "raymo200915", "first_name": "Raymond", "last_name": "Mao", "email": "raymondmaoca@gmail.com" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260219132552.1499698-6-philippe.reynes@softathome.com/mbox/", "series": [ { "id": 492675, "url": "http://patchwork.ozlabs.org/api/1.0/series/492675/?format=api", "date": "2026-02-19T13:25:49", "name": "add software ecdsa support", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/492675/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2198146/checks/", "tags": {}, "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=gaT1QSV+;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"gaT1QSV+\";\n\tdkim-atps=neutral", "phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGvKZ2vJ5z1xpY\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 20 Feb 2026 00:26:26 +1100 (AEDT)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id CF24983DBF;\n\tThu, 19 Feb 2026 14:26:18 +0100 (CET)", "by phobos.denx.de (Postfix, from userid 109)\n id 2B04183E1E; Thu, 19 Feb 2026 14:26:16 +0100 (CET)", "from PA5P264CU001.outbound.protection.outlook.com\n (mail-francecentralazlp170100000.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c20a::])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 25A7B83D2E\n for <u-boot@lists.denx.de>; Thu, 19 Feb 2026 14:26:14 +0100 (CET)", "from MR1P264CA0196.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:57::14)\n by PR0P264MB1931.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:16c::16) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Thu, 19 Feb\n 2026 13:26:10 +0000", "from MR1PEPF00000D58.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:501:57:cafe::fb) by MR1P264CA0196.outlook.office365.com\n (2603:10a6:501:57::14) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9632.16 via Frontend Transport; Thu,\n 19 Feb 2026 13:26:10 +0000", "from proxy.softathome.com (149.6.166.170) by\n MR1PEPF00000D58.mail.protection.outlook.com (10.167.241.5) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9632.12\n via Frontend Transport; Thu, 19 Feb 2026 13:26:10 +0000", "from sah1lpt726.home (unknown [192.168.72.32])\n by proxy.softathome.com (Postfix) with ESMTPSA id EF095202D7;\n Thu, 19 Feb 2026 14:26:09 +0100 (CET)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=iQTQx99A/0wC8K0j13GGdZZlBeqWS5PJQxRQRGX1e4PowMeJtE3G4WqHLXQTRXL5GHQbgCN/4yaCsK4qWpkvIVpXdDiFnLtUSXZDugwlonCYZfwn8dT8bm3YwR77YCciC20spOr2ioNSAGBK0W/MBtw+Yzpe234DWWcE/enPu3JnTbkKSmX40MEBjiedc6IkKbkx15+NvK/BxZmyeY3djwzZGh+ExKnLooveYdVVHwNsoIGicmCK+52a7wsRjOjsJgdeECGM44HlOcObDODddShmmRt78f3nhabvekA6q0flhbCFFC8e1eRp7qHvIw1MGxlAU522/UnZFpxgHKvMHg==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=fmihIIHrfPwyuB0NdCHqpLza2NN9lP5ba29XYZnFMHM=;\n b=ddG5I8+QxeO6wcRczi710v14y7mOtQ9h0pQRUp73AyomyJnuuXgh37crB9S73Gv8ijUUmA5mxT995CbVzNUtFBvBfR27xqbMvlRmSjSQ58TvOcPlQEtYQTCx073Zt2blDuPw33ZuyN5xYUeQm+cttt8XVfcdOGasrMzNGfW7HUXXHNYOwLlTfh1v9cQr5Nlnw1IdVGejI0Z/5m9qwsQ8jAm84sTAAvuQnj/sIOSuvZa2e6Dj0cS03kSUT0GoHYDdbEDS18zaYcqtHJTcuwSIby7PgZ5x9pW2u5BkyH8bmNVjiTlosTi+WVuxVjyXlYVcS4Oy6STl1YJltVnX+FUsFQ==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=gmail.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=fmihIIHrfPwyuB0NdCHqpLza2NN9lP5ba29XYZnFMHM=;\n b=gaT1QSV+XrtLW6CfSH+OXJGSAL/KqrMHqK3TOo+rvvGtOLN+0Pxf5OUFJK/xN6Q7Arj9cSY2DqlWUhA0X8B/VCErV9q4CCsl9sXbemdAEcLW8s4eQ0TfP9rK6JOjp1x3NH2ykqEwYs5+IAw81B/S1hBqqt83MwSWZW2KQ3aDEIjVGXRhXqtRb0XF9Bhr2Gn1dzB7al/gzjXjAqHfEru1Xp3eiejnEqOr/azKS1vGGLB8SiRcIUasfGitaT/J4p+16YQHKA8kap97cxuzoR6AkuJZFpPLfyVp2yELe5sci0YrnSZnJqJFMd2dZX4r2T5CYmZIb9D7WduJLDgiqEIgBg==", "X-MS-Exchange-Authentication-Results": "spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;", "Received-SPF": "Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C", "From": "Philippe Reynes <philippe.reynes@softathome.com>", "To": "marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com", "Cc": "u-boot@lists.denx.de,\n\tPhilippe Reynes <philippe.reynes@softathome.com>", "Subject": "[RFC PATCH v2 5/9] ecdsa: fix support of secp521r1", "Date": "Thu, 19 Feb 2026 14:25:48 +0100", "Message-ID": "<20260219132552.1499698-6-philippe.reynes@softathome.com>", "X-Mailer": "git-send-email 2.43.0", "In-Reply-To": "<20260219132552.1499698-1-philippe.reynes@softathome.com>", "References": "<20260219132552.1499698-1-philippe.reynes@softathome.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-EOPAttributedMessage": "0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "MR1PEPF00000D58:EE_|PR0P264MB1931:EE_", "Content-Type": "text/plain", "X-MS-Office365-Filtering-Correlation-Id": "eb07201e-30b1-468b-352b-08de6fba7240", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|376014|82310400026|1800799024|36860700013;", "X-Microsoft-Antispam-Message-Info": "\n cjncWkMSwEnCZtUrxW/vBz+WllYlbJSatAQ+QoJmn/gcF9RzfE2H2nAziDzzJPYufwNqL43GDHB5E7q6739r4kcftwq4u4jHDnzGqJfxOqe4AJaxgH2MM6gg+T4qWZZujDITYTYDuip0164rXT+0ULsVBhaZ1MuNxXjQRHj2vWH9XehiBnnrzQlMYA06bxILp+QSHNCN08pJLa/IWeUpYSAvBTZ8rou9YCSsRB0zoCLD8lSnafkSDqNHIPj2ibRMb3vhcFDUCIDd40xR77tm7LbuvCtbiimkIEtHXiNjUWN6MQegScuvnRpxrhVJsoZwyO6Azh0BofHFyDd78e+908dE2IPamdgOsap6rc7pb/JjOG1ktS4vOYjRcLdcun4At7hdi5ySQ64B+whg77udlW55uLcdchAm412O/ETeRNF3QSBjKEr/YPTRB3J8ZZ1pX+0JC1snhgcK5wJrvyuU5rkq1EJqt3qAcVz8AuOtV3c8HMnpPa29KX2DFfcqta2kFQGHk2ob3jy162aE1ewqNxd+U1D9Fu4QIQbkpKqPBmk7sY8gwKgM75h6+zQf3BZiJzE0l7sL/aIVDTt15lRfClfLxxTGzsmkrXS18KeM3jqp0hJ90GNv9n//G7NYxwM1TV1YJbQX4QTSe2fmcUGvW3QCy6YuFw8IwX03ggM9npMM/lcZsxnLxbEE/WcgLt538WV0duOHWPrJ0d2a3ziYvibi++TARf1aJvFUebo7xkP86DpQ2taE6J1Tb3z4FwhWLpmx+0AaY+Q6P5evN8cGSTot4glNjCbv/2ott9G8PtO6ytd65qcPaZ0lsMWs4UCHaI8C0NKcLjijzUqxRWgGXnQ1B8rKHms6Q/7N9byS5Nxd2vJ2UzEoWZtP4FXF9bAj2f3/worRCCFX8ZLdX68Rs71HsneiuyVpoyfNoinuhzTz4ZEQ137dApyRHAft62PDzAnMpETtwy7oFEgM/nRMcR7SRf8czH1RSatN0Cbh3qGSsp6TpaZeAd7eJBWhy2Ho1cnuscUxzElIG8LWZ39pyCz+zK8gWfQOWNwjQc9syTfsoGF+rGOaQZqenPVzrvEHYC76K8X3GABZg9R7dQUG3NCg52OXmF2nqnwoiyw1cqIYHnvgPJzJofn3Hp+uyFSWncSCnkQ3vr8aLBMclAsjVYMxm2psENWMq7zc+rLmEmtR2+37jN4yAlBQZQo6reQcCHJ0EYnpADmjZLY6ka4fe+/kX39Jkb76f5Vm7bN7u+XefSuEQKB058RgVqerpCgluG5r1ad2J3zVRy5t+6SjXJE7Cg8u9zkFM0ap2z1feqQDaVRQYYDzjBXMOqAD3ILc00LrhzDWC+ou2z7BZ+K61SIe5xtgT8KP0FmS1Bwo9wO9CYCdorgYMpYlHk8p/sPRjn7SKl+FQoAnVsc1fYZkL4im8rH9iRhDtRKDtyN/psEp7+bcbn3BClsakyb2fahsYXx3QvnUmgJkOd64g+tHOFyWvpoQylIbEZrUyTAtQPN86CIrvsT7fMkolPGRygC0mcGI/TSN6yWhzkT3ipAAPwrrE4+WTTtzum1xxmSRrdghlVjizDDYKKY0a+tUrXha2i1/Lq5urUn0Br/8eg2JhgMzRtXKz/LbI3hLV3LJJ5jeUHMomDJs9JxT0n7q9aYJTmHoeAq2cu0ZgwEcCqJ0FA==", "X-Forefront-Antispam-Report": "CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(376014)(82310400026)(1800799024)(36860700013); DIR:OUT;\n SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n AMbPFN2Ha9ejQb1g66fDM3t4MgAi1Yf1Q7ROUfy1T5KUSr8jmhr52+27uqfU9q8P3OrfgXsKSsL2sIseqPuaCdqdlna+5erchxFLSJuoFhQqo83bdwAeyOiivDD5XS/na3gP4qcAOFSlcto0sbVhl1cY3iVYjB+uhxQ6P7HPpaj8y+2DQLNcSFSIErQNlPPnpWpxkBp0EEyMoUi7noOI6a7XgTPRN2EvDxEgIomS6enrPlaxgMPqn1X5If6f1gYebm7hmMl3w9S+sQDp9evSrndNQVldC8KpEPkBnf/q9g0wgaQkIBCc4Q8TCG2PqpbzAjbQ1EnBxKbwt4I2rq0Ld8ipMWSyjhk4c84K3V58SYEi0flL6soVuE7wdmXgF/tSf5xmDNrC9KuZrIMYfznWuVfORCH7uNwoZAcqvOCAIPmtbg3wsy7rFljo1uHTRauS", "X-OriginatorOrg": "softathome.com", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "19 Feb 2026 13:26:10.3948 (UTC)", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n eb07201e-30b1-468b-352b-08de6fba7240", "X-MS-Exchange-CrossTenant-Id": "aa10e044-e405-4c10-8353-36b4d0cce511", "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp": "\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]", "X-MS-Exchange-CrossTenant-AuthSource": "MR1PEPF00000D58.FRAP264.PROD.OUTLOOK.COM", "X-MS-Exchange-CrossTenant-AuthAs": "Anonymous", "X-MS-Exchange-CrossTenant-FromEntityHeader": "HybridOnPrem", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "PR0P264MB1931", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Current implementation of ecdsa only supports key len aligned on\n8 bits. But the curve secp521r1 use a key of 521 bits which is not\naligned on 8 bits. In this commit, we update the key management\nfor ecdsa to support key of any lenght.\n\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nv2:\n- intitial version\n\n lib/ecdsa/ecdsa-libcrypto.c | 21 +++++++++++++++++++--\n lib/ecdsa/ecdsa-verify.c | 24 ++++++++++++++++++++++--\n lib/fdt-libcrypto.c | 2 +-\n tools/image-sig-host.c | 2 +-\n 4 files changed, 43 insertions(+), 6 deletions(-)", "diff": "diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c\nindex c4bfb2cec61..6f25ccc783d 100644\n--- a/lib/ecdsa/ecdsa-libcrypto.c\n+++ b/lib/ecdsa/ecdsa-libcrypto.c\n@@ -45,6 +45,7 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n {\n \tint x_len;\n \tint y_len;\n+\tint expected_len;\n \n \tkey->curve_name = fdt_getprop(fdt, node, \"ecdsa,curve\", NULL);\n \tif (!key->curve_name)\n@@ -54,6 +55,8 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n \t\tkey->size_bits = 256;\n \telse if (!strcmp(key->curve_name, \"secp384r1\"))\n \t\tkey->size_bits = 384;\n+\telse if (!strcmp(key->curve_name, \"secp521r1\"))\n+\t\tkey->size_bits = 521;\n \telse\n \t\treturn -EINVAL;\n \n@@ -63,7 +66,19 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n \tif (!key->x || !key->y)\n \t\treturn -EINVAL;\n \n-\tif (x_len != key->size_bits / 8 || y_len != key->size_bits / 8)\n+\t/*\n+\t * the public key is stored as an array of u32, so if the key size if\n+\t * not a multiple of 32 (for example 521), we may have extra bytes.\n+\t * To avoid any issue later, we shift the x and y pointer to the first\n+\t * useful byte.\n+\t */\n+\texpected_len = (key->size_bits + 7) / 8;\n+\tif (x_len > expected_len)\n+\t\tkey->x += x_len - expected_len;\n+\tif (y_len > expected_len)\n+\t\tkey->y += y_len - expected_len;\n+\n+\tif (x_len < expected_len || y_len < expected_len)\n \t\treturn -EINVAL;\n \n \treturn 0;\n@@ -89,6 +104,8 @@ static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n \t\tnid = NID_X9_62_prime256v1;\n \t} else if (!strcmp(pubkey.curve_name, \"secp384r1\")) {\n \t\tnid = NID_secp384r1;\n+\t} else if (!strcmp(pubkey.curve_name, \"secp521r1\")) {\n+\t\tnid = NID_secp521r1;\n \t} else {\n \t\tfprintf(stderr, \"Unsupported curve name: '%s'\\n\", pubkey.curve_name);\n \t\treturn -EINVAL;\n@@ -111,7 +128,7 @@ static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n \t\treturn -ENOMEM;\n \t}\n \n-\tlen = pubkey.size_bits / 8;\n+\tlen = (pubkey.size_bits + 7) / 8;\n \n \tuint8_t buf[1 + len * 2];\n \ndiff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c\nindex 629b662cf6c..d87d95a5002 100644\n--- a/lib/ecdsa/ecdsa-verify.c\n+++ b/lib/ecdsa/ecdsa-verify.c\n@@ -24,13 +24,15 @@ static int ecdsa_key_size(const char *curve_name)\n \t\treturn 256;\n \telse if (!strcmp(curve_name, \"secp384r1\"))\n \t\treturn 384;\n+\telse if (!strcmp(curve_name, \"secp521r1\"))\n+\t\treturn 521;\n \n \treturn 0;\n }\n \n static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n {\n-\tint x_len, y_len;\n+\tint expected_len, x_len, y_len;\n \n \tkey->curve_name = fdt_getprop(fdt, node, \"ecdsa,curve\", NULL);\n \tif (!key->curve_name) {\n@@ -50,7 +52,19 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n \tif (!key->x || !key->y)\n \t\treturn -EINVAL;\n \n-\tif (x_len != (key->size_bits / 8) || y_len != (key->size_bits / 8)) {\n+\t/*\n+\t * the public key is stored as an array of u32, so if the key size if\n+\t * not a multiple of 32 (for example 521), we may have extra bytes.\n+\t * To avoid any issue later, we shift the x and y pointer to the first\n+\t * useful byte.\n+\t */\n+\texpected_len = (key->size_bits + 7) / 8;\n+\tif (x_len > expected_len)\n+\t\tkey->x += x_len - expected_len;\n+\tif (y_len > expected_len)\n+\t\tkey->y += y_len - expected_len;\n+\n+\tif (x_len < expected_len || y_len < expected_len) {\n \t\tprintf(\"%s: node=%d, curve@%p x@%p+%i y@%p+%i\\n\", __func__,\n \t\t node, key->curve_name, key->x, x_len, key->y, y_len);\n \t\treturn -EINVAL;\n@@ -135,6 +149,12 @@ U_BOOT_CRYPTO_ALGO(ecdsa384) = {\n \t.verify = ecdsa_verify,\n };\n \n+U_BOOT_CRYPTO_ALGO(ecdsa521) = {\n+\t.name = \"ecdsa521\",\n+\t.key_len = ECDSA521_BYTES,\n+\t.verify = ecdsa_verify,\n+};\n+\n /*\n * uclass definition for ECDSA API\n *\ndiff --git a/lib/fdt-libcrypto.c b/lib/fdt-libcrypto.c\nindex ecb0344c8f6..090246b44e9 100644\n--- a/lib/fdt-libcrypto.c\n+++ b/lib/fdt-libcrypto.c\n@@ -10,7 +10,7 @@\n int fdt_add_bignum(void *blob, int noffset, const char *prop_name,\n \t\t BIGNUM *num, int num_bits)\n {\n-\tint nwords = num_bits / 32;\n+\tint nwords = (num_bits + 31) / 32;\n \tint size;\n \tuint32_t *buf, *ptr;\n \tBIGNUM *tmp, *big2, *big32, *big2_32;\ndiff --git a/tools/image-sig-host.c b/tools/image-sig-host.c\nindex 5285263c616..a2272b196e7 100644\n--- a/tools/image-sig-host.c\n+++ b/tools/image-sig-host.c\n@@ -84,7 +84,7 @@ struct crypto_algo crypto_algos[] = {\n \t\t.verify = ecdsa_verify,\n \t},\n \t{\n-\t\t.name = \"secp521r1\",\n+\t\t.name = \"ecdsa521\",\n \t\t.key_len = ECDSA521_BYTES,\n \t\t.sign = ecdsa_sign,\n \t\t.add_verify_data = ecdsa_add_verify_data,\n", "prefixes": [ "RFC", "v2", "5/9" ] }