On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
> This fix adds an EC private key range check for the scalar value to be within > the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA > Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC > KeyGenerator for EC keys will not generate private keys that sit outside the > accepted range, it is possible to create and attempt to use ECPrivateKey > objects that violate this range through a KeyFactory. > > JBS: https://bugs.openjdk.java.net/browse/JDK-8272385 So the key is only validated before it's used? Why not when creating it? Do we need to validate public key as well? It might not be a problem since modular calculation should scale it back to normal. Our old native impl does have one at https://github.com/openjdk/jdk11u-dev/blob/master/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c#L481. One more thing: I would prefer `[1, n)` or `(0, n)` in the bug title. :-) ------------- PR: https://git.openjdk.java.net/jdk/pull/5324
