RFR 8182999: SunEC throws ProviderException on invalid curves
Adam Petcher
adam.petcher at oracle.com
Mon Jul 10 18:28:24 UTC 2017
On 7/10/2017 1:55 PM, Michael StJohns wrote:
>
> What I'm mostly trying to get at here is to decouple or remove the
> list of curves in ecdecode.c in favor of the list in the java stuff
> (CurveDB.java) (or elsewhere). The C code should mostly only have to
> deal with the math and not the housekeeping.
>
I agree that this would be a nice improvement, but I still think it is
outside of scope of this fix. What you propose is a significant
reorganization of the ECC code, and I don't think we should do that as
part of a bug fix. It should be considered as a standalone refactoring
effort, or maybe done as part of the next enhancement that adds support
for new curves.
> Mike
>
>
More information about the security-dev
mailing list