Integrated: 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider
Jamil Nimeh
jnimeh at openjdk.java.net
Thu Sep 2 17:57:33 UTC 2021
On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
> This fix adds an EC private key range check for the scalar value to be within the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC KeyGenerator for EC keys will not generate private keys that sit outside the accepted range, it is possible to create and attempt to use ECPrivateKey objects that violate this range through a KeyFactory.
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8272385
This pull request has now been integrated.
Changeset: 29e0f138
Author: Jamil Nimeh <jnimeh at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/29e0f1386d247731e8733f6fdd1307642b2b9f96
Stats: 148 lines in 4 files changed: 147 ins; 0 del; 1 mod
8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider
Reviewed-by: ascarpino, weijun
-------------
PR: https://git.openjdk.java.net/jdk/pull/5324
More information about the security-dev
mailing list