RFR 8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently

Michael StJohns mstjohns at comcast.net
Mon Jun 22 04:35:30 UTC 2015 

At 12:21 AM 6/22/2015, Michael StJohns wrote:
>Hmm...
>
>It is possible to randomly generate a prime which is expressed in less than the full number of provided bytes so it is possible (and legal) for sourceLength to be less than or equal to destination length.  What should probably be checked here though is :


*sigh*  

The following should have been :

int off = sourceLength;

if (sourceLength > destinationLength) {
         if (sourceLength > (destinationLength +1)) {
         return -1;
          }
        off++;
        sourceLength == destinationLength;
        
}


If you're taking a 65 byte big endian representation and trimming the sign byte to get 64 bytes, that's OK.  If you're taking a 66 byte representation and trying to stuff it into 64 bytes, you're throwing away 1 byte of meaningful data.




>if (sourceLength > destinationLength) {
>        return -1;
>}
>
>(E.g. if you're trying to stuff N bytes in an N-1 length array it will be bad).
>
>For the rest, it seems clumsy to do it that way (the loop and if statement) - instead maybe do an 
>
>int off = sourceLength;
>
>for (int i = 0; i < sourceLength; i++) {
>        destination[i] = sourceBytes[--off]; // note the pre decrement!
>}
>
>if (sourceLength < destinationLength)  {
>    memset (destination + sourceLength, 0, destinationLength - sourceLength);
>}
>
>
>To copy and then clear.  
>
>And then
>
>return destinationLength;


*sigh* 
return sourceLength;





>Mike
>
>
>
>
>
>At 06:04 AM 6/19/2015, Weijun Wang wrote:
>>I might have found a reason for SunMSCAPI crash
>>
>>  http://cr.openjdk.java.net/~weijun/8023546/webrev.00
>>
>>Before this fix, the native function convertToLittleEndian() fails if you want to convert a 63 byte array to a 64 byte one. However, I observed that when a 1024 bit RSA private key is generated, its prime exponent p can be only 63 bytes long. Function is updated to accept this case.
>>
>>I'm not a cryptographer so if you believe the p must be of 64 bytes long please tell me.
>>
>>Thanks
>>Max

More information about the security-dev mailing list