8168724: ECDSA signing improvments

Reviewed-by: xuelei

8168724: ECDSA signing improvments
Reviewed-by: xuelei
37bf6185 · robm · 3f3ea770 · 37bf6185
显示空白变更内容
内联并排

Showing with 12 addition and 2 deletion

src/share/native/sun/security/ec/impl/ec.c src/share/native/sun/security/ec/impl/ec.c +12 -2

未找到文件。
--- a/src/share/native/sun/security/ec/impl/ec.c
+++ b/src/share/native/sun/security/ec/impl/ec.c
 /*
- * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
 * Use is subject to license terms.
 *
 * This library is free software; you can redistribute it and/or
@@ -34,7 +34,7 @@
 *   Dr Vipul Gupta <vipul.gupta@sun.com> and
 *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
 *
- * Last Modified Date from the Original Code: April 2015
+ * Last Modified Date from the Original Code: November 2016
 *********************************************************************** */
 #include "mplogic.h"
@@ -713,6 +713,16 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
        goto cleanup;
    }
+    /*
+     * Using an equivalent exponent of fixed length (same as n or 1 bit less
+     * than n) to keep the kG timing relatively constant.
+     *
+     * Note that this is an extra step on top of the approach defined in
+     * ANSI X9.62 so as to make a fixed length K.
+     */
+    CHECK_MPI_OK( mp_add(&k, &n, &k) );
+    CHECK_MPI_OK( mp_div_2(&k, &k) );
    /*
    ** ANSI X9.62, Section 5.3.2, Step 2
    **