--- a/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c Tue Mar 19 14:22:47 2019 -0400
+++ b/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c Tue Mar 19 15:18:35 2019 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@@ -660,6 +660,7 @@
SECItem kGpoint = { siBuffer, NULL, 0};
int flen = 0; /* length in bytes of the field size */
unsigned olen; /* length in bytes of the base point order */
+ unsigned int orderBitSize;
#if EC_DEBUG
char mpstr[256];
@@ -762,10 +763,11 @@
SECITEM_TO_MPINT(*digest, &s); /* s = HASH(M) */
/* In the definition of EC signing, digests are truncated
- * to the length of n in bits.
+ * to the order length
* (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
- if (digest->len*8 > (unsigned int)ecParams->fieldID.size) {
- mpl_rsh(&s,&s,digest->len*8 - ecParams->fieldID.size);
+ orderBitSize = mpl_significant_bits(&n);
+ if (digest->len*8 > orderBitSize) {
+ mpl_rsh(&s,&s,digest->len*8 - orderBitSize);
}
#if EC_DEBUG
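Review bot: The new `mpl_rsh(&s,&s,digest->len*8 - orderBitSize);` still discards the mp_err result, so a failed shift would leave `s` untruncated and signing would silently continue with the wrong value; wrapping it the way this file wraps other mp calls, `CHECK_MPI_OK( mpl_rsh(&s, &s, digest->len*8 - orderBitSize) );`, routes the failure to the function's cleanup path, and the same applies to the `mpl_rsh(&u1,&u1,...)` line in the hunk at `@@ -977,11 +980,12 @@`. The truncation now relies on `n` already holding the base point order when `mpl_significant_bits(&n)` runs; that conversion is outside the hunk, so it should be confirmed to precede this block on every path. The comment rewritten here as `* to the order length` drops the unit that the parallel comment in the later hunk keeps; `* to the order length, in bits.` keeps the two in step. The enclosing function starts and ends outside the hunk.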
@@ -898,6 +900,7 @@
int slen; /* length in bytes of a half signature (r or s) */
int flen; /* length in bytes of the field size */
unsigned olen; /* length in bytes of the base point order */
+ unsigned int orderBitSize;
#if EC_DEBUG
char mpstr[256];
@@ -977,11 +980,12 @@
SECITEM_TO_MPINT(*digest, &u1); /* u1 = HASH(M) */
/* In the definition of EC signing, digests are truncated
- * to the length of n in bits.
+ * to the order length, in bits.
* (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
/* u1 = HASH(M') */
- if (digest->len*8 > (unsigned int)ecParams->fieldID.size) {
- mpl_rsh(&u1,&u1,digest->len*8- ecParams->fieldID.size);
+ orderBitSize = mpl_significant_bits(&n);
+ if (digest->len*8 > orderBitSize) {
+ mpl_rsh(&u1,&u1,digest->len*8- orderBitSize);
}
#if EC_DEBUG