Code Review Request, 8154344 sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java fails on solaris
Michael StJohns
mstjohns at comcast.net
Fri May 6 17:17:14 UTC 2016
On 5/6/2016 10:40 AM, Xuelei Fan wrote:
> Hi,
>
> Please review this simple test failure fix:
>
> http://cr.openjdk.java.net/~xuelei/8154344/webrev.00/
>
> The underlying crypto lib may generate DH private keys out of the normal
> expected range. This fix removes the range checking for DH private keys.
>
> Thanks,
> Xuelei
I'm confused about this. I read the code and reviewed NIST SP800-56A
Rev 1, section 5.6.2.4 and the check you're commenting out is the
correct check for validity. If the provider is failing this check,
shouldn't the provider be fixed?
I.e. the test is failing as expected.
If you still want to open up this code, then I'd probably add the second
test for the public key:
if (y.modPow(q,p).compareTo(BigInteger.ONE) != 0)
throw new Exception (...);
I'd probably also compare the params in both public and private keys for
equality at the beginning of the checkKeyPair test and then dump the
second check for p.bitSize().
More information about the security-dev
mailing list