Fix theoretical compliance issue in ECDSA The issue would happen for curves whose bitlength is not a multiple of eight (the only case is NIST P-521) with hashes that are longer than the bitlength of the curve: since the wides hash is 512 bits long, this can't happen. Fixing however as a matter of principle and readability.

commit: e7072f8d1171a7e6e5ec1f7c15030a884f1933e2 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 03 12:55:15 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jan 06 11:01:38 2014 +0100
tree: c214df33d8aaaebd6e81bd1578aa01030c5af471
parent: c9573998ca6608dd120b1fc357a0802163be3e69 [diff]
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 2072d55..6f09994 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c

@@ -43,8 +43,16 @@
 static int derive_mpi( const ecp_group *grp, mpi *x,
                        const unsigned char *buf, size_t blen )
 {
+    int ret;
     size_t n_size = (grp->nbits + 7) / 8;
-    return( mpi_read_binary( x, buf, blen > n_size ? n_size : blen ) );
+    size_t use_size = blen > n_size ? n_size : blen;
+
+    MPI_CHK( mpi_read_binary( x, buf, use_size ) );
+    if( use_size * 8 > grp->nbits )
+        MPI_CHK( mpi_shift_r( x, use_size * 8 - grp->nbits ) );
+
+cleanup:
+    return( ret );
 }
 
 /*
commit	e7072f8d1171a7e6e5ec1f7c15030a884f1933e2	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 03 12:55:15 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jan 06 11:01:38 2014 +0100
tree	c214df33d8aaaebd6e81bd1578aa01030c5af471
parent	c9573998ca6608dd120b1fc357a0802163be3e69 [diff]