# HG changeset patch
# User xuelei
# Date 1478793168 0
# Node ID dc8daa68dd3125f1c2acd70820743fb9bde4f055
# Parent 5aa719c6667735ccba69b107669824de5a2f2acb
8168724: ECDSA signing improvments
Reviewed-by: valeriep, vinnie, ahgross, asmotrak, robm
diff -r 5aa719c66677 -r dc8daa68dd31 jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c
--- a/jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c Thu Nov 10 15:46:40 2016 +0000
+++ b/jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c Thu Nov 10 15:52:48 2016 +0000
@@ -34,7 +34,7 @@
 * Dr Vipul Gupta and
 * Douglas Stebila , Sun Microsystems Laboratories
 *
- * Last Modified Date from the Original Code: Nov 2016
+ * Last Modified Date from the Original Code: November 2016
 *********************************************************************** */

 #include "mplogic.h"
@@ -715,6 +715,16 @@
 }

 /*
+ * Using an equivalent exponent of fixed length (same as n or 1 bit less
+ * than n) to keep the kG timing relatively constant.
+ *
+ * Note that this is an extra step on top of the approach defined in
+ * ANSI X9.62 so as to make a fixed length K.
+ */
+ CHECK_MPI_OK( mp_add(&k, &n, &k) );
+ CHECK_MPI_OK( mp_div_2(&k, &k) );
+
+ /*
 ** ANSI X9.62, Section 5.3.2, Step 2
 **
 ** Compute kG
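Review bot: The comment added in the second hunk calls the result an "equivalent exponent", but `mp_add(&k, &n, &k)` followed by `mp_div_2(&k, &k)` leaves floor((k + n) / 2) in k, which is not congruent to the original k mod n, so the signature is computed with a different nonce from this point on. That is only correct if every later use of k (presumably the modular inverse in the s computation, below this hunk) reads the modified value, and it confines the effective nonce to roughly the upper half of [1, n-1], a bias that deserves explicit review because ECDSA private keys are sensitive to partially predictable nonces. The comment itself concedes the length may still be one bit short of n, so the kG timing is narrowed rather than made constant. I would reword the comment to state this plainly, for example `* Replace k with floor((k + n) / 2): a different nonce in [n/2, n), not k mod n; all later steps must use this k.` The enclosing function starts and ends outside the hunk, so the later uses of k could not be checked here.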