On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
> This fix adds an EC private key range check for the scalar value to be within > the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA > Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC > KeyGenerator for EC keys will not generate private keys that sit outside the > accepted range, it is possible to create and attempt to use ECPrivateKey > objects that violate this range through a KeyFactory. > > JBS: https://bugs.openjdk.java.net/browse/JDK-8272385 This pull request has now been integrated. Changeset: 29e0f138 Author: Jamil Nimeh <jni...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/29e0f1386d247731e8733f6fdd1307642b2b9f96 Stats: 148 lines in 4 files changed: 147 ins; 0 del; 1 mod 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider Reviewed-by: ascarpino, weijun ------------- PR: https://git.openjdk.java.net/jdk/pull/5324