8037162: More robust DH exchanges
authorxuelei
Thu, 24 Apr 2014 21:04:16 +0400
changeset 25540 021f6cd857f5
parent 25539 9d290547d266
child 25541 df83fb1a542e
8037162: More robust DH exchanges Reviewed-by: weijun, asmotrak, ahgross, robm
jdk/src/share/classes/sun/security/util/KeyUtil.java
--- a/jdk/src/share/classes/sun/security/util/KeyUtil.java	Sat Mar 22 12:51:48 2014 -0400
+++ b/jdk/src/share/classes/sun/security/util/KeyUtil.java	Thu Apr 24 21:04:16 2014 +0400
@@ -272,7 +272,16 @@
                     "Diffie-Hellman public key is too large");
         }
 
-        // Don't bother to check against the y^q mod p if safe primes are used.
+        // y^q mod p == 1?
+        // Unable to perform this check as q is unknown in this circumstance.
+
+        // p is expected to be prime.  However, it is too expensive to check
+        // that p is prime.  Instead, in order to mitigate the impact of
+        // non-prime values, we check that y is not a factor of p.
+        BigInteger r = p.remainder(y);
+        if (r.equals(BigInteger.ZERO)) {
+            throw new InvalidKeyException("Invalid Diffie-Hellman parameters");
+        }
     }
 
     /**
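Review bot: The added `p.remainder(y)` test rejects only a y that divides p exactly, so a y that merely shares a factor with a composite p still passes, and the comment above it reads as a stronger guarantee than the code gives. I would extend the comment with something like `// Partial mitigation only: this does not establish that p is prime or that y lies in the intended subgroup.` If broader coverage is wanted at similar cost, `if (!p.gcd(y).equals(BigInteger.ONE))` would also reject any y that is not coprime to p, and it accepts the same keys as the current test when p is prime and y is in range. `remainder` throws `ArithmeticException` for a zero divisor, so this line depends on the range checks earlier in the method having already excluded y == 0; those checks start outside the hunk, so that should be confirmed against the full method.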