[11u] RFR: 8208698: Improved ECC Implementation

Andrew John Hughes gnu.andrew at redhat.com
Thu Jun 27 04:09:15 UTC 2019 

On 28/05/2019 08:21, Langer, Christoph wrote:
> Hi,
> 
> please review this backport of JDK-8208698: Improved ECC Implementation.
> 
> Bug: https://bugs.openjdk.java.net/browse/JDK-8208698
> Original Change: http://hg.openjdk.java.net/jdk/jdk/rev/752e57845ad2
> Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8208698.11u/
> 
> The patch did not apply cleanly because there were conflicts in src/jdk.crypto.ec/share/classes/sun/security/ec/ECDHKeyAgreement.java due to JDK-8205476 which is part of jdk/jdk but not of jdk11u-dev. Unfortunately, JDK-8205476 can not be downported as prerequisite because it brings a behavioral change and is associated with a CSR. So I resolved the rejects manually. I add the rejects below.
> 
> Thanks
> Christoph
> 
> 

I'm just looking over this in backporting to 8u. You mention not being
able to include the JDK-8205476 change, but then it is included in the
patch.

JDK-8205476 is essentially:

@@ -127,7 +127,9 @@

         try {

-            return deriveKey(s, publicValue, encodedParams);
+            byte[] result = deriveKey(s, publicValue, encodedParams);
+            publicValue = null;
+            return result;

         } catch (GeneralSecurityException e) {
             throw new ProviderException("Could not derive key", e);

The same change is made in 11u by adopting the line in the 8208698 patch
verbatim:

-        try {
-
-            return deriveKey(s, publicValue, encodedParams);
-
-        } catch (GeneralSecurityException e) {
-            throw new ProviderException("Could not derive key", e);
-        }
-
+        Optional<byte[]> resultOpt = deriveKeyImpl(privateKey, publicKey);
+        byte[] result = resultOpt.orElseGet(
+            () -> deriveKeyNative(privateKey, publicKey)
+        );
+        publicKey = null;
+        return result;

I think this should actually be:

return resultOpt.orElseGet(() -> deriveKeyNative(privateKey, publicKey));

if we want to avoid the JDK-8205476 change of nulling publicKey.

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

More information about the jdk-updates-dev mailing list