From 5304812b2d228fa6e0e769017d9c004fee272e1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 3 Jan 2014 12:55:15 +0100
Subject: [PATCH] Fix theoretical compliance issue in ECDSA

The issue would happen for curves whose bitlength is not a multiple of eight (the only case is NIST P-521) with hashes that are longer than the bitlength of the curve: since the wides hash is 512 bits long, this can't happen. Fixing however as a matter of principle and readability.
---
 library/ecdsa.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/library/ecdsa.c b/library/ecdsa.c
index 2072d5559..6f099943e 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -43,8 +43,16 @@ static int derive_mpi( const ecp_group *grp, mpi *x,
                        const unsigned char *buf, size_t blen )
 {
+    int ret;
     size_t n_size = (grp->nbits + 7) / 8;
-    return( mpi_read_binary( x, buf, blen > n_size ? n_size : blen ) );
+    size_t use_size = blen > n_size ? n_size : blen;
+
+    MPI_CHK( mpi_read_binary( x, buf, use_size ) );
+    if( use_size * 8 > grp->nbits )
+        MPI_CHK( mpi_shift_r( x, use_size * 8 - grp->nbits ) );
+
+cleanup:
+    return( ret );
 }
 
 /*