RFR: 8264329: Z cannot be 1 for Diffie-Hellman key agreement

Bradford Wetmore wetmore at openjdk.java.net
Sun Mar 28 06:04:01 UTC 2021


On Sun, 28 Mar 2021 04:09:38 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

> Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1).  This update adds this validation in the JDK provider implementation.
> 
> No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).

src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java line 321:

> 319:                 z.equals(modulus.subtract(BigInteger.ONE))) {
> 320:             throw new ProviderException(
> 321:                     "Generated secret is out-of-rang of (1, p -1)");

typo:  rang -> range

-------------

PR: https://git.openjdk.java.net/jdk/pull/3232


More information about the security-dev mailing list