This fix adds an EC private key range check for the scalar value to be within the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC KeyGenerator for EC keys will not generate private keys that sit outside the accepted range, it is possible to create and attempt to use ECPrivateKey objects that violate this range through a KeyFactory.
JBS: https://bugs.openjdk.java.net/browse/JDK-8272385 ------------- Commit messages: - Merge - 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider Changes: https://git.openjdk.java.net/jdk/pull/5324/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=5324&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8272385 Stats: 144 lines in 4 files changed: 143 ins; 0 del; 1 mod Patch: https://git.openjdk.java.net/jdk/pull/5324.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/5324/head:pull/5324 PR: https://git.openjdk.java.net/jdk/pull/5324
