On Wed, 1 Sep 2021 15:13:14 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> So the key is only validated before it's used? Why not when creating it?
> 
> Do we need to validate public key as well? It might not be a problem since 
> modular calculation should scale it back to normal. Our old native impl does 
> have one at 
> https://github.com/openjdk/jdk11u-dev/blob/master/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c#L481.
> 
> One more thing: I would prefer `[1, n)` or `(0, n)` in the bug title, and, 
> it's probably more efficient to call `sVal.compareTo(BigInteger.ZERO) <= 0` 
> than `sVal.compareTo(BigInteger.ONE) < 0`.

Good questions.
WRT the KeyFactory, I looked not only at ours but also BC's and neither seems 
to put restrictions on ranges for an ECPrivateKey.  Given that behavior I 
thought for this change I'd leave KeyFactory alone.

Validating the public key might not be a bad idea.  I could come up with a 
Java-based version of what's in libsunec and update the test to cover that as 
well.

With respect to the synopsis, I'd prefer to leave it [1, n-1] because that's 
the notation used by FIPS 186-4, X9.62 and SEC 1.  But the BigInteger.compareTo 
I will change as you suggested.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5324

Reply via email to