qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-20 05:44:44 -07:00
Code Releases Activity

crypto/ecdsa: fix case where p != 0 mod 8 and the hash length < p.

Browse Source 
I made a typo which breaks P-521.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6219057
This commit is contained in:
Adam Langley 2012-05-22 10:17:39 -04:00
parent 8f66d7dc32
commit 477d7b1663
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/pkg/crypto/ecdsa/ecdsa.go
View File

@ -66,7 +66,9 @@ func GenerateKey(c elliptic.Curve, rand io.Reader) (priv *PrivateKey, err error)
// hashToInt converts a hash value to an integer. There is some disagreement // hashToInt converts a hash value to an integer. There is some disagreement
// about how this is done. [NSA] suggests that this is done in the obvious // about how this is done. [NSA] suggests that this is done in the obvious
// manner, but [SECG] truncates the hash to the bit-length of the curve order // manner, but [SECG] truncates the hash to the bit-length of the curve order
// first. We follow [SECG] because that's what OpenSSL does. // first. We follow [SECG] because that's what OpenSSL does. Additionally,
// OpenSSL right shifts excess bits from the number if the hash is too large
// and we mirror that too.
func hashToInt(hash []byte, c elliptic.Curve) *big.Int { func hashToInt(hash []byte, c elliptic.Curve) *big.Int {
orderBits := c.Params().N.BitLen() orderBits := c.Params().N.BitLen()
orderBytes := (orderBits + 7) / 8 orderBytes := (orderBits + 7) / 8
@ -75,7 +77,7 @@ func hashToInt(hash []byte, c elliptic.Curve) *big.Int {
} }
ret := new(big.Int).SetBytes(hash) ret := new(big.Int).SetBytes(hash)
excess := orderBytes*8 - orderBits excess := len(hash)*8 - orderBits
if excess > 0 { if excess > 0 {
ret.Rsh(ret, uint(excess)) ret.Rsh(ret, uint(excess))
} }