RFR: 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider [v2]

Jamil Nimeh jnimeh at openjdk.java.net
Thu Sep 2 17:26:16 UTC 2021


> This fix adds an EC private key range check for the scalar value to be within the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA Signature algorithms and ECDH KeyAgreement algorithms.  While the SunEC KeyGenerator for EC keys will not generate private keys that sit outside the accepted range, it is possible to create and attempt to use ECPrivateKey objects that violate this range through a KeyFactory.
> 
> JBS: https://bugs.openjdk.java.net/browse/JDK-8272385

Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:

  change checkPrivateKey signature to return ECPrivateKey instead of void

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/5324/files
  - new: https://git.openjdk.java.net/jdk/pull/5324/files/864b9aaf..15696f21

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=5324&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=5324&range=00-01

  Stats: 6 lines in 1 file changed: 4 ins; 0 del; 2 mod
  Patch: https://git.openjdk.java.net/jdk/pull/5324.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/5324/head:pull/5324

PR: https://git.openjdk.java.net/jdk/pull/5324


More information about the security-dev mailing list