[PATCH] Truncate hash values for ECDSA signature scheme

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Thu Dec 19 00:06:06 CET 2013


Hello,

On Tue, Dec 17, 2013 at 5:53 PM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 17 Dec 2013 12:37, dbaryshkov at gmail.com said:
>
>> if (mpi_is_opaque(input))
>>   {
>>       abuf = mpi_get_opaque (input, &abits);
>>       rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
>>   }
>>   else
>>   {
>>     hash = mpi_copy(input);
>>     abits = mpi_get_nbits(input);
>>   }
>>   if (abits > qbits)
>>     mpi_rshift (hash, hash, abits - qbits);
>>
>> This would be more correct, wouldn't it?
>
> Yes.

I was wrong; this code is incorrect. I think I now understand how to handle
the different cases wrt. hash truncation. I will post a new patch iteration after
the weekend.

-- 
With best wishes
Dmitry


