8168724: ECDSA signing improvments

Reviewed-by: valeriep, vinnie, ahgross, asmotrak, robm
2026-03-14 18:03:44 +00:00 · 2016-11-10 15:52:48 +00:00 · 2016-11-10 15:52:48 +00:00 · fc58c85eb4
commit fc58c85eb4
parent ec3a122b19
1 changed files with 11 additions and 1 deletions
--- a/jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c
+++ b/jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c
@ -34,7 +34,7 @@
 *   Dr Vipul Gupta <vipul.gupta@sun.com> and
 *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
 *
- * Last Modified Date from the Original Code: Nov 2016
+ * Last Modified Date from the Original Code: November 2016
 *********************************************************************** */

 #include "mplogic.h"
@ -714,6 +714,16 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
        goto cleanup;
    }

+    /*
+     * Using an equivalent exponent of fixed length (same as n or 1 bit less
+     * than n) to keep the kG timing relatively constant.
+     *
+     * Note that this is an extra step on top of the approach defined in
+     * ANSI X9.62 so as to make a fixed length K.
+     */
+    CHECK_MPI_OK( mp_add(&k, &n, &k) );
+    CHECK_MPI_OK( mp_div_2(&k, &k) );
+
    /*
    ** ANSI X9.62, Section 5.3.2, Step 2
    **