Merge pull request #9920 from davidhorstmann-arm/clarify-x509-security-md-2.28 [Backport 2.28] Add X.509 formatting validation to SECURITY.md

commit: 2153b1bc0334ed86a40085311f5253eb6650fbb8 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Thu Feb 20 14:41:37 2025 +0000
committer: GitHub <noreply@github.com> Thu Feb 20 14:41:37 2025 +0000
tree: 7690090d86f44080efb7f232b8c71b65ef42cdd4
parent: 0834c59d0628ddf55e99eb06141c2bbdfe05d438 [diff]
parent: 09d0b71d2b81972eea56bf254b669d6dc3887ba6 [diff]
diff --git a/library/ecp.c b/library/ecp.c
index cfe02b0..2ed735d 100644
--- a/library/ecp.c
+++ b/library/ecp.c

@@ -3125,7 +3125,7 @@
         /* see RFC 7748 sec. 5 para. 5 */
         if (mbedtls_mpi_get_bit(d, 0) != 0 ||
             mbedtls_mpi_get_bit(d, 1) != 0 ||
-            mbedtls_mpi_bitlen(d) - 1 != grp->nbits) {  /* mbedtls_mpi_bitlen is one-based! */
+            mbedtls_mpi_bitlen(d) != grp->nbits + 1) {  /* mbedtls_mpi_bitlen is one-based! */
             return MBEDTLS_ERR_ECP_INVALID_KEY;
         }
commit	2153b1bc0334ed86a40085311f5253eb6650fbb8	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Thu Feb 20 14:41:37 2025 +0000
committer	GitHub <noreply@github.com>	Thu Feb 20 14:41:37 2025 +0000
tree	7690090d86f44080efb7f232b8c71b65ef42cdd4
parent	0834c59d0628ddf55e99eb06141c2bbdfe05d438 [diff]
parent	09d0b71d2b81972eea56bf254b669d6dc3887ba6 [diff]