1
0
mirror of https://github.com/golang/go synced 2024-11-25 07:07:57 -07:00

crypto/ecdsa: fix case where p != 0 mod 8 and the hash length < p.

I made a typo which breaks P-521.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6219057
This commit is contained in:
Adam Langley 2012-05-22 10:17:39 -04:00
parent 8f66d7dc32
commit 477d7b1663

View File

@ -66,7 +66,9 @@ func GenerateKey(c elliptic.Curve, rand io.Reader) (priv *PrivateKey, err error)
// hashToInt converts a hash value to an integer. There is some disagreement
// about how this is done. [NSA] suggests that this is done in the obvious
// manner, but [SECG] truncates the hash to the bit-length of the curve order
// first. We follow [SECG] because that's what OpenSSL does.
// first. We follow [SECG] because that's what OpenSSL does. Additionally,
// OpenSSL right shifts excess bits from the number if the hash is too large
// and we mirror that too.
func hashToInt(hash []byte, c elliptic.Curve) *big.Int {
orderBits := c.Params().N.BitLen()
orderBytes := (orderBits + 7) / 8
@ -75,7 +77,7 @@ func hashToInt(hash []byte, c elliptic.Curve) *big.Int {
}
ret := new(big.Int).SetBytes(hash)
excess := orderBytes*8 - orderBits
excess := len(hash)*8 - orderBits
if excess > 0 {
ret.Rsh(ret, uint(excess))
}