From c84230c69a6412ccae1c8304cca463bd5545cb0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Ch=C3=A9ron?=
Date: Wed, 24 Aug 2016 18:45:00 +0200
Subject: [PATCH] Fixed hash truncation used in ECDSA signature & verification

The function tHash shifted the hash number to an incorrect number of bits when the bit string had leading zeros. This is one of two issues reported in vincenthz/hs-tls#152.
---
 Crypto/PubKey/ECC/ECDSA.hs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Crypto/PubKey/ECC/ECDSA.hs b/Crypto/PubKey/ECC/ECDSA.hs
index 70222f1..23c9180 100644
--- a/Crypto/PubKey/ECC/ECDSA.hs
+++ b/Crypto/PubKey/ECC/ECDSA.hs
@@ -20,12 +20,14 @@ import Crypto.Random.Types
 import Data.Bits (shiftR)
 import Crypto.Internal.ByteArray (ByteArrayAccess)
 import Data.Data
+import Crypto.Number.Basic (numBits)
 import Crypto.Number.ModArithmetic (inverse)
 import Crypto.Number.Serialize
 import Crypto.Number.Generate
 import Crypto.PubKey.ECC.Types
 import Crypto.PubKey.ECC.Prim
 import Crypto.Hash
+import Crypto.Hash.Types (hashDigestSize)
 
 -- | Represent a ECDSA signature namely R and S.
 data Signature = Signature
@@ -117,5 +119,4 @@ tHash hashAlg m n
 | d > 0 = shiftR e d
 | otherwise = e
 where e = os2ip $ hashWith hashAlg m
- d = log2 e - log2 n
- log2 = ceiling . logBase (2 :: Double) . fromIntegral
+ d = hashDigestSize hashAlg * 8 - numBits n
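Review bot: The new `d = hashDigestSize hashAlg * 8 - numBits n` in `tHash` has no comment saying why the shift is derived from the digest's fixed length rather than from the value of `e`, which is the distinction the removed `log2 e` version got wrong. A line above it such as `-- shift by the digest's bit length, not the magnitude of e: leading zero bits of the hash must be counted` would keep a later cleanup from reintroducing the bug. The diffstat lists only this file, so no regression case for a digest with leading zero bits accompanies the fix; a sign/verify vector with such a digest, checked against a known-good signature, would pin the behaviour. The head of `tHash` lies outside the hunk.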