RFR: 8285493: ECC calculation error
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Wed Apr 27 15:16:44 UTC 2022
On Wed, 27 Apr 2022 12:57:20 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java line 261:
>>
>>> 259: IntegerModuloP result = p1.asAffine().getX();
>>> 260: b2a(result, orderField, temp1);
>>> 261: return MessageDigest.isEqual(temp1, r);
>>
>> I did not get the point of this update. Is it the broken case you mentioned in the PR description? What's the issue of the original code?
>
> Here, `result`'s modulus is `field`, and `ri`'s is `orderField`. Therefore you cannot simply subtract one from the other. One new `assert` would fail.
Got it. It looks like a safe update.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8409
More information about the security-dev
mailing list