On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:

> This fix adds an EC private key range check for the scalar value to be within 
> the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA 
> Signature algorithms and ECDH KeyAgreement algorithms.  While the SunEC 
> KeyGenerator for EC keys will not generate private keys that sit outside the 
> accepted range, it is possible to create and attempt to use ECPrivateKey 
> objects that violate this range through a KeyFactory.
> 
> JBS: https://bugs.openjdk.java.net/browse/JDK-8272385

So the key is only validated before it's used? Why not when creating it?

Do we need to validate public key as well? It might not be a problem since 
modular calculation should scale it back to normal. Our old native impl does 
have one at 
https://github.com/openjdk/jdk11u-dev/blob/master/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c#L481.

One more thing: I would prefer `[1, n)` or `(0, n)` in the bug title. :-)

-------------

PR: https://git.openjdk.java.net/jdk/pull/5324

Reply via email to