{"id":2224484,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2224484/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/20260417130204.49896-6-philippe.reynes@softathome.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.2/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260417130204.49896-6-philippe.reynes@softathome.com>","list_archive_url":null,"date":"2026-04-17T13:01:55","name":"[v4,05/14] ecdsa: fix support of secp521r1","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"b3fde44db74921e4fcea864b4cf5164edcccfdb2","submitter":{"id":74351,"url":"http://patchwork.ozlabs.org/api/1.2/people/74351/?format=json","name":"Philippe Reynes","email":"philippe.reynes@softathome.com"},"delegate":{"id":161313,"url":"http://patchwork.ozlabs.org/api/1.2/users/161313/?format=json","username":"raymo200915","first_name":"Raymond","last_name":"Mao","email":"raymondmaoca@gmail.com"},"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260417130204.49896-6-philippe.reynes@softathome.com/mbox/","series":[{"id":500332,"url":"http://patchwork.ozlabs.org/api/1.2/series/500332/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=500332","date":"2026-04-17T13:02:04","name":"add software ecdsa support","version":4,"mbox":"http://patchwork.ozlabs.org/series/500332/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2224484/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2224484/checks/","tags":{},"related":[],"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=bR0lBYmx;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"bR0lBYmx\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxw704SrSz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 17 Apr 2026 23:03:40 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id A873C842B7;\n\tFri, 17 Apr 2026 15:02:20 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 55F888422D; Fri, 17 Apr 2026 15:02:19 +0200 (CEST)","from PR0P264CU014.outbound.protection.outlook.com\n (mail-francecentralazlp170120004.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c20a::4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 052DB84262\n for <u-boot@lists.denx.de>; Fri, 17 Apr 2026 15:02:17 +0200 (CEST)","from MR1P264CA0074.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:3f::29)\n by MR0P264MB5225.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:4a::6) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Fri, 17 Apr\n 2026 13:02:10 +0000","from MR1PEPF00000D5A.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:501:3f:cafe::f6) by MR1P264CA0074.outlook.office365.com\n (2603:10a6:501:3f::29) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.52 via Frontend Transport; Fri,\n 17 Apr 2026 13:02:10 +0000","from proxy.softathome.com (149.6.166.170) by\n MR1PEPF00000D5A.mail.protection.outlook.com (10.167.241.7) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17\n via Frontend Transport; Fri, 17 Apr 2026 13:02:10 +0000","from sah1lpt726.home (unknown [192.168.72.39])\n by proxy.softathome.com (Postfix) with ESMTPSA id EA88A20EC2;\n Fri, 17 Apr 2026 15:02:09 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=kNxmcIbA8ehGXs6GcB2cmvMZ/EzeHGGKgAYZhyKYGoKYMMO5xrbAdN+mZbRDekOTX79Tn4vQm7qeuPYfsDPfWzqhN0P0ew4z/Rh1KBajvDGhdfmAOk8xMwlqYCpd4t/7QgnY4dGav1QVUdTp/HFaL12Py12jFNozmFyOJrvgjQ861AfThmnkKs8M4NGwqBhQqOiLoMxmhA7ESSzLeT87HW0uJrb5xcgftEiGn3UMpoYD+cmnZ3fCXqre8xQi2HKx46DgEZ/2rpNDXjo6TuUhWEsBiPqoAr7ssVAvf9EJkHc709P4xal3r9D22fRAlY62DgLRVmz9S+I9+wTFxL0wVA==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=JHUjkzlP0mkhuvuMEAF3tRhiL3zxHnx0LHlbJiRxqT0=;\n b=EDODsbfX/b2H2MxTDfDHqjbFJhjqsCBBUtzaF5CCFvsRoocT0zIWbTnWEQ6fKLAfdfHXkdsaWEbQuBJn2qM9z2Bs++BS4CKo8iP2d2n2uxZQS03kCuhFIbz4WIbZUbNVEhPIi1Q1rl8l0xmydoMm0Y2YmKv7JAlxxeCEXZlmYMS3Feha4fDTMYh6FqgFwXnzGUIFqQMMLVUj/Mt0dFbeepQPiPJ0HJFwwnI+rt2ixjt3jer8WwmZx9/jP803a4qU2dsdD4LuMG8SvyerrMtK/6yjNr33UuI5QrWZhIt+tDlXxjKldUm3lvPg+j9o3zKyvMjv0BDX1Zn4iICJ/39uHg==","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=canonical.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=JHUjkzlP0mkhuvuMEAF3tRhiL3zxHnx0LHlbJiRxqT0=;\n b=bR0lBYmxcGbQwyz39N/uIiaGT9FCcjh63rWHOsFrlNbzISBwXNJfUDq/CXDli+jjs4HuQ9OL0xIXmpNxlXmU5r7oqgO0PYgDHfrzgdQNS48j0ko+YdfvKc2JMtQuJQ+69rvtaI6OanfjyL7jORZxc0E4XKC225kbzjlS6QJKKkEn1+udEd6GHA48ao/Xl9E4ksZcSEYZ3TsHn/Qn1Qjxw44uJz53uOkrsageimTXfAuN+Rcys/sUPJgZb8vWCL/nJlT7bg8/fL7cTHCikP1ednaYZUGXdYpvHQfIboGmPCOxySNDjzvon/qHL33zIm+H2N3EfozMfVDWIWm9DqXCnw==","X-MS-Exchange-Authentication-Results":"spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;","Received-SPF":"Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C","From":"Philippe Reynes <philippe.reynes@softathome.com>","To":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com","Cc":"u-boot@lists.denx.de,\n\tPhilippe Reynes <philippe.reynes@softathome.com>","Subject":"[PATCH v4 05/14] ecdsa: fix support of secp521r1","Date":"Fri, 17 Apr 2026 15:01:55 +0200","Message-ID":"<20260417130204.49896-6-philippe.reynes@softathome.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260417130204.49896-1-philippe.reynes@softathome.com>","References":"<20260417130204.49896-1-philippe.reynes@softathome.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-EOPAttributedMessage":"0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"MR1PEPF00000D5A:EE_|MR0P264MB5225:EE_","Content-Type":"text/plain","X-MS-Office365-Filtering-Correlation-Id":"f2b65dc2-5ff8-40ad-34d2-08de9c818982","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|1800799024|376014|82310400026|36860700016|18002099003|22082099003|56012099003;","X-Microsoft-Antispam-Message-Info":"\n X4dOGmpCx0RGtocBe9aQOcxaj68K5onvB7rS938DN9+aeGgW1KjhlL5ik2qdhH4Z/84n2RfzqXCSS4dToG6kCuLGdfAE/pby11vT6ZwpxFeny96vD9iHmdwuhf7kO1tladFAKeaXHlPzGu0+hfqDxGGmMDeMbqgYv0Wi8Nz11nSWxTxT83qS87XThG89kIDMyRSY43mDNFyt+V7EUqeJCVRgW/oNKYDdeaHqALm+KOgT+aUXw7DmTfPs68VMHkbe6QZjoCcHP81nthwG6BOqkyALLbv3ve8n+8rz21dYGzWVslftWkAyJAd+zK+Kz+xmWdzqMpheh4hqCAy6NUXzku3BRCNzR2rkk0C3Tw2yud30iTzMBbZiFyJKWXQwTowkmo9RNz4OcFGEuwh2qBk7hi7M06ccXl3O4g3prhlTAcLGEa+KmsgsL20aIC5H4KKtSFeLvOLB3rREVe56zPBbcaQwsClSVd5gU3JXnE4tVVU0RBOOA+fcYHYHJ3vWDw7eLq7XJBsm6qOkfmIJSDH6798kRVPdkRGHN4+sFJNTNFH7x2sy4BlWf0mGEkH3Deyys2mF+6hdQRTC34J91NJ6JjNS6hPXEaHkOW5vVzYPBuGff0pTTl4Z2dxZZIYBgpOyBdhl0IZb7xmogsPsob8m4ayAZK7k2hu7W0ifpnQwvXbUE5Mi3OEdpCFMwa1KvO8q2fb3CCnczcAafiWYrV6jfeJ9WeUN/SEN/bbamUzbfBo1vtv+0QqwHgyThYrmhsn/vKzPNbe1bxXSfcSgA0vp9A==","X-Forefront-Antispam-Report":"CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(1800799024)(376014)(82310400026)(36860700016)(18002099003)(22082099003)(56012099003);\n DIR:OUT; SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-MS-Exchange-AntiSpam-MessageData-0":"\n E+6JPMnOFdrGZYFDFDe0U+iAa/gWU2py5t+uvNDyr4NCvS7QuO1dHqtOmCqawX/PY4xSxQSJQ+5V1KmYSGILAOqQLw0EGxZ8ytw8NapM7B4e41gvCwHScoHTylN39j9FA6Ojl6oXH+puHV5/1m1rjqgfVv1ASv3KRhYf7w8a6e5nkR5PJ9vNth9o5eq1li8sCUxSyDxLDBNtun0XXUEpJkyOmqESD03F98pqEARGqyntMpyXPBkuZ5UAh/lzmlvlFvMpwqXZJOitL5OvT6UNu1L7YslR/xJN6v/Z/c7SLBJtE305k+ly+YWr0Nub/vicQAFpW/RHFn6mFPoq0iDCs/byd7Ct+h5KaOPMyTr+ynJ8Av8CKlFdNSzSWrOitkBCYOBvh7yWT/BUZOPTfwCCldT/yLtEujRt56bjXA5qeFQsH5W5duW2P6C4WMq3GckA","X-OriginatorOrg":"softathome.com","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"17 Apr 2026 13:02:10.4238 (UTC)","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n f2b65dc2-5ff8-40ad-34d2-08de9c818982","X-MS-Exchange-CrossTenant-Id":"aa10e044-e405-4c10-8353-36b4d0cce511","X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp":"\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]","X-MS-Exchange-CrossTenant-AuthSource":"MR1PEPF00000D5A.FRAP264.PROD.OUTLOOK.COM","X-MS-Exchange-CrossTenant-AuthAs":"Anonymous","X-MS-Exchange-CrossTenant-FromEntityHeader":"HybridOnPrem","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"MR0P264MB5225","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"Current implementation of ecdsa only supports key len aligned on\n8 bits. But the curve secp521r1 uses a key of 521 bits which is not\naligned on 8 bits. In this commit, we update the keys management\nfor ecdsa to support keys that are not aligned on 8 bits.\n\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nv2:\n- intitial version\nv3:\n- fix typo in comments\nv4:\n- fix commit message\n- clean code with DIV_ROUND_UP-\n- duplicate data before shifting\n- support ecdsa521 and secp521r1\n- clean code\n\n lib/ecdsa/ecdsa-libcrypto.c | 54 +++++++++++++++++++++++++++++--\n lib/ecdsa/ecdsa-verify.c    | 64 +++++++++++++++++++++++++++++++++----\n lib/fdt-libcrypto.c         |  2 +-\n tools/image-sig-host.c      |  7 ++++\n 4 files changed, 117 insertions(+), 10 deletions(-)","diff":"diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c\nindex c4bfb2cec61..9218d06bda0 100644\n--- a/lib/ecdsa/ecdsa-libcrypto.c\n+++ b/lib/ecdsa/ecdsa-libcrypto.c\n@@ -26,6 +26,8 @@\n #include <openssl/ec.h>\n #include <openssl/bn.h>\n \n+#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))\n+\n /* Image signing context for openssl-libcrypto */\n struct signer {\n \tEVP_PKEY *evp_key;\t/* Pointer to EVP_PKEY object */\n@@ -41,10 +43,26 @@ struct ecdsa_public_key {\n \tint size_bits;\n };\n \n+static char *memdup(char *buf, size_t size)\n+{\n+\tchar *dup;\n+\n+\tdup = malloc(size);\n+\tif (dup)\n+\t\tmemcpy(dup, buf, size);\n+\n+\treturn dup;\n+}\n+\n static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n {\n+\tconst char *x;\n+\tconst char *y;\n \tint x_len;\n \tint y_len;\n+\tint expected_len;\n+\n+\tmemset(key, 0, sizeof(*key));\n \n \tkey->curve_name = fdt_getprop(fdt, node, \"ecdsa,curve\", NULL);\n \tif (!key->curve_name)\n@@ -54,6 +72,8 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n \t\tkey->size_bits = 256;\n \telse if (!strcmp(key->curve_name, \"secp384r1\"))\n \t\tkey->size_bits = 384;\n+\telse if (!strcmp(key->curve_name, \"secp521r1\"))\n+\t\tkey->size_bits = 521;\n \telse\n \t\treturn -EINVAL;\n \n@@ -63,12 +83,34 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n \tif (!key->x || !key->y)\n \t\treturn -EINVAL;\n \n-\tif (x_len != key->size_bits / 8 || y_len != key->size_bits / 8)\n+\t/*\n+\t * The public key is stored as an array of u32, so if the key size is\n+\t * not a multiple of 32 (for example 521), we may have extra bytes.\n+\t * To avoid any issue later, we shift the x and y pointer to the first\n+\t * useful byte.\n+\t */\n+\texpected_len = DIV_ROUND_UP(key->size_bits, 8);\n+\n+\tif (x_len < expected_len || y_len < expected_len)\n \t\treturn -EINVAL;\n \n+\tx = memdup((char *)key->x + (x_len - expected_len), expected_len);\n+\tkey->x = (const uint8_t *)x;\n+\n+\ty = memdup((char *)key->y + (y_len - expected_len), expected_len);\n+\tkey->y = (const uint8_t *)y;\n+\n \treturn 0;\n }\n \n+static void fdt_free_key(struct ecdsa_public_key *key)\n+{\n+\tif (!key)\n+\t\treturn;\n+\tfree((char *)key->x);\n+\tfree((char *)key->y);\n+}\n+\n static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n {\n \tstruct ecdsa_public_key pubkey;\n@@ -89,8 +131,11 @@ static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n \t\tnid = NID_X9_62_prime256v1;\n \t} else if (!strcmp(pubkey.curve_name, \"secp384r1\")) {\n \t\tnid = NID_secp384r1;\n+\t} else if (!strcmp(pubkey.curve_name, \"secp521r1\")) {\n+\t\tnid = NID_secp521r1;\n \t} else {\n \t\tfprintf(stderr, \"Unsupported curve name: '%s'\\n\", pubkey.curve_name);\n+\t\tfdt_free_key(&pubkey);\n \t\treturn -EINVAL;\n \t}\n \n@@ -100,6 +145,7 @@ static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n \tec_key = EC_KEY_new_by_curve_name(nid);\n \tif (!ec_key) {\n \t\tfprintf(stderr, \"Failed to allocate EC_KEY for curve %s\\n\", pubkey.curve_name);\n+\t\tfdt_free_key(&pubkey);\n \t\treturn -ENOMEM;\n \t}\n \n@@ -108,10 +154,11 @@ static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n \tif (!point) {\n \t\tfprintf(stderr, \"Failed to allocate EC_POINT\\n\");\n \t\tEC_KEY_free(ec_key);\n+\t\tfdt_free_key(&pubkey);\n \t\treturn -ENOMEM;\n \t}\n \n-\tlen = pubkey.size_bits / 8;\n+\tlen = DIV_ROUND_UP(pubkey.size_bits, 8);\n \n \tuint8_t buf[1 + len * 2];\n \n@@ -123,6 +170,7 @@ static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n \t\tfprintf(stderr, \"Failed to convert (x,y) point to EC_POINT\\n\");\n \t\tEC_POINT_free(point);\n \t\tEC_KEY_free(ec_key);\n+\t\tfdt_free_key(&pubkey);\n \t\treturn -EINVAL;\n \t}\n \n@@ -130,11 +178,13 @@ static int read_key_from_fdt(struct signer *ctx, const void *fdt, int node)\n \t\tfprintf(stderr, \"Failed to set EC_POINT as public key\\n\");\n \t\tEC_POINT_free(point);\n \t\tEC_KEY_free(ec_key);\n+\t\tfdt_free_key(&pubkey);\n \t\treturn -EINVAL;\n \t}\n \n \tfprintf(stderr, \"Successfully loaded ECDSA key from FDT node %d\\n\", node);\n \tEC_POINT_free(point);\n+\tfdt_free_key(&pubkey);\n \tctx->ecdsa_key = ec_key;\n \n \treturn 0;\ndiff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c\nindex 629b662cf6c..64b56bcffba 100644\n--- a/lib/ecdsa/ecdsa-verify.c\n+++ b/lib/ecdsa/ecdsa-verify.c\n@@ -10,6 +10,7 @@\n \n #include <crypto/ecdsa-uclass.h>\n #include <dm/uclass.h>\n+#include <malloc.h>\n #include <u-boot/ecdsa.h>\n \n /*\n@@ -24,13 +25,19 @@ static int ecdsa_key_size(const char *curve_name)\n \t\treturn 256;\n \telse if (!strcmp(curve_name, \"secp384r1\"))\n \t\treturn 384;\n+\telse if (!strcmp(curve_name, \"secp521r1\"))\n+\t\treturn 521;\n \n \treturn 0;\n }\n \n static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n {\n-\tint x_len, y_len;\n+\tint expected_len, x_len, y_len;\n+\tconst char *x;\n+\tconst char *y;\n+\n+\tmemset(key, 0, sizeof(*key));\n \n \tkey->curve_name = fdt_getprop(fdt, node, \"ecdsa,curve\", NULL);\n \tif (!key->curve_name) {\n@@ -50,15 +57,37 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)\n \tif (!key->x || !key->y)\n \t\treturn -EINVAL;\n \n-\tif (x_len != (key->size_bits / 8) || y_len != (key->size_bits / 8)) {\n+\t/*\n+\t * The public key is stored as an array of u32, so if the key size is\n+\t * not a multiple of 32 (for example 521), we may have extra bytes.\n+\t * To avoid any issue later, we shift the x and y pointer to the first\n+\t * useful byte.\n+\t */\n+\texpected_len = DIV_ROUND_UP(key->size_bits, 8);\n+\n+\tif (x_len < expected_len || y_len < expected_len) {\n \t\tprintf(\"%s: node=%d, curve@%p x@%p+%i y@%p+%i\\n\", __func__,\n \t\t       node, key->curve_name, key->x, x_len, key->y, y_len);\n \t\treturn -EINVAL;\n \t}\n \n+\tx = memdup((char *)key->x + (x_len - expected_len), expected_len);\n+\tkey->x = (const uint8_t *)x;\n+\n+\ty = memdup((char *)key->y + (y_len - expected_len), expected_len);\n+\tkey->y = (const uint8_t *)y;\n+\n \treturn 0;\n }\n \n+static void fdt_free_key(struct ecdsa_public_key *key)\n+{\n+\tif (!key)\n+\t\treturn;\n+\tfree((char *)key->x);\n+\tfree((char *)key->y);\n+}\n+\n static int ecdsa_verify_hash(struct udevice *dev,\n \t\t\t     const struct image_sign_info *info,\n \t\t\t     const void *hash, const void *sig, uint sig_len)\n@@ -73,11 +102,16 @@ static int ecdsa_verify_hash(struct udevice *dev,\n \n \tif (info->required_keynode > 0) {\n \t\tret = fdt_get_key(&key, info->fdt_blob, info->required_keynode);\n-\t\tif (ret < 0)\n+\t\tif (ret < 0) {\n+\t\t\tfdt_free_key(&key);\n \t\t\treturn ret;\n+\t\t}\n \n-\t\treturn ops->verify(dev, &key, hash, algo->checksum_len,\n-\t\t\t\t   sig, sig_len);\n+\t\tret = ops->verify(dev, &key, hash, algo->checksum_len,\n+\t\t\t\t  sig, sig_len);\n+\t\tfdt_free_key(&key);\n+\n+\t\treturn ret;\n \t}\n \n \tsig_node = fdt_subnode_offset(info->fdt_blob, 0, FIT_SIG_NODENAME);\n@@ -87,15 +121,19 @@ static int ecdsa_verify_hash(struct udevice *dev,\n \t/* Try all possible keys under the \"/signature\" node */\n \tfdt_for_each_subnode(key_node, info->fdt_blob, sig_node) {\n \t\tret = fdt_get_key(&key, info->fdt_blob, key_node);\n-\t\tif (ret < 0)\n+\t\tif (ret < 0) {\n+\t\t\tfdt_free_key(&key);\n \t\t\tcontinue;\n+\t\t}\n \n \t\tret = ops->verify(dev, &key, hash, algo->checksum_len,\n \t\t\t\t  sig, sig_len);\n \n \t\t/* On success, don't worry about remaining keys */\n-\t\tif (!ret)\n+\t\tif (!ret) {\n+\t\t\tfdt_free_key(&key);\n \t\t\treturn 0;\n+\t\t}\n \t}\n \n \treturn -EPERM;\n@@ -135,6 +173,18 @@ U_BOOT_CRYPTO_ALGO(ecdsa384) = {\n \t.verify = ecdsa_verify,\n };\n \n+U_BOOT_CRYPTO_ALGO(ecdsa521) = {\n+\t.name = \"ecdsa521\",\n+\t.key_len = ECDSA521_BYTES,\n+\t.verify = ecdsa_verify,\n+};\n+\n+U_BOOT_CRYPTO_ALGO(secp521r1) = {\n+\t.name = \"secp521r1\",\n+\t.key_len = ECDSA521_BYTES,\n+\t.verify = ecdsa_verify,\n+};\n+\n /*\n  * uclass definition for ECDSA API\n  *\ndiff --git a/lib/fdt-libcrypto.c b/lib/fdt-libcrypto.c\nindex ecb0344c8f6..090246b44e9 100644\n--- a/lib/fdt-libcrypto.c\n+++ b/lib/fdt-libcrypto.c\n@@ -10,7 +10,7 @@\n int fdt_add_bignum(void *blob, int noffset, const char *prop_name,\n \t\t   BIGNUM *num, int num_bits)\n {\n-\tint nwords = num_bits / 32;\n+\tint nwords = (num_bits + 31) / 32;\n \tint size;\n \tuint32_t *buf, *ptr;\n \tBIGNUM *tmp, *big2, *big32, *big2_32;\ndiff --git a/tools/image-sig-host.c b/tools/image-sig-host.c\nindex 5285263c616..285547994ca 100644\n--- a/tools/image-sig-host.c\n+++ b/tools/image-sig-host.c\n@@ -83,6 +83,13 @@ struct crypto_algo crypto_algos[] = {\n \t\t.add_verify_data = ecdsa_add_verify_data,\n \t\t.verify = ecdsa_verify,\n \t},\n+\t{\n+\t\t.name = \"ecdsa521\",\n+\t\t.key_len = ECDSA521_BYTES,\n+\t\t.sign = ecdsa_sign,\n+\t\t.add_verify_data = ecdsa_add_verify_data,\n+\t\t.verify = ecdsa_verify,\n+\t},\n \t{\n \t\t.name = \"secp521r1\",\n \t\t.key_len = ECDSA521_BYTES,\n","prefixes":["v4","05/14"]}