From 79b321661511f01db5cbbcdd8ecab76064679d9d Mon Sep 17 00:00:00 2001
From: Vinnie Ryan
Date: Tue, 18 Sep 2012 11:08:48 +0100
Subject: [PATCH] 7198901: correct the field size check when decoding a point on ECC curve
Reviewed-by: xuelei
---
 jdk/src/share/classes/sun/security/ec/ECParameters.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/jdk/src/share/classes/sun/security/ec/ECParameters.java b/jdk/src/share/classes/sun/security/ec/ECParameters.java
index 56037ada939..62031c9340a 100644
--- a/jdk/src/share/classes/sun/security/ec/ECParameters.java
+++ b/jdk/src/share/classes/sun/security/ec/ECParameters.java
@@ -87,8 +87,10 @@ public final class ECParameters extends AlgorithmParametersSpi {
 if ((data.length == 0) || (data[0] != 4)) {
 throw new IOException("Only uncompressed point format supported");
 }
- int n = data.length / 2;
- if (n > ((curve.getField().getFieldSize() + 7 ) >> 3)) {
+ // Per ANSI X9.62, an encoded point is a 1 byte type followed by
+ // ceiling(log base 2 field-size / 8) bytes of x and the same of y.
+ int n = (data.length - 1) / 2;
+ if (n != ((curve.getField().getFieldSize() + 7 ) >> 3)) {
 throw new IOException("Point does not match field size");
 }
 byte[] xb = new byte[n];
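Review bot: The new equality check still accepts an encoding with one extra trailing byte, because `(data.length - 1) / 2` truncates: for an input of length `2*n + 2` the computed `n` equals the expected coordinate length and the check passes. Deriving the length from the curve and comparing the whole array closes this: `int n = (curve.getField().getFieldSize() + 7) >> 3;` followed by `if (data.length != 2 * n + 1) {`. The enclosing method continues past the hunk, so it is inferred rather than visible that the extra byte is then ignored when `xb` and the y bytes are copied; if so, two different byte strings decode to the same point, which matters wherever encoded points are compared, hashed or logged. The added comment could also say "ceiling(field size in bits / 8)", since `getFieldSize()` already returns bits and "log base 2 field-size" reads as a second logarithm.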