8285493: ECC calculation error

Reviewed-by: xuelei, ascarpino
Weijun Wang 2022-04-28 02:52:41 +00:00
parent 89fd6d34f8
commit c1173c24bf
2 changed files with 12 additions and 13 deletions
src
java.base/share/classes/sun/security/util/math/intpoly
jdk.crypto.ec/share/classes/sun/security/ec

@ -558,7 +558,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public ImmutableElement add(IntegerModuloP genB) {
assert IntegerPolynomial.this == genB.getField();
Element b = (Element) genB;
if (!(isSummand() && b.isSummand())) {
throw new ArithmeticException("Not a valid summand");
@ -596,7 +596,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public ImmutableElement multiply(IntegerModuloP genB) {
assert IntegerPolynomial.this == genB.getField();
Element b = (Element) genB;
long[] newLimbs = new long[limbs.length];
@ -612,7 +612,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
}
public void addModPowerTwo(IntegerModuloP arg, byte[] result) {
assert IntegerPolynomial.this == arg.getField();
Element other = (Element) arg;
if (!(isSummand() && other.isSummand())) {
throw new ArithmeticException("Not a valid summand");
@ -642,7 +642,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public void conditionalSet(IntegerModuloP b, int set) {
assert IntegerPolynomial.this == b.getField();
Element other = (Element) b;
conditionalAssign(set, limbs, other.limbs);
@ -651,7 +651,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public void conditionalSwapWith(MutableIntegerModuloP b, int swap) {
assert IntegerPolynomial.this == b.getField();
MutableElement other = (MutableElement) b;
conditionalSwap(swap, limbs, other.limbs);
@ -663,6 +663,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public MutableElement setValue(IntegerModuloP v) {
assert IntegerPolynomial.this == v.getField();
Element other = (Element) v;
System.arraycopy(other.limbs, 0, limbs, 0, other.limbs.length);
@ -692,6 +693,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public MutableElement setProduct(IntegerModuloP genB) {
assert IntegerPolynomial.this == genB.getField();
Element b = (Element) genB;
mult(limbs, b.limbs, limbs);
numAdds = 0;
@ -708,7 +710,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public MutableElement setSum(IntegerModuloP genB) {
assert IntegerPolynomial.this == genB.getField();
Element b = (Element) genB;
if (!(isSummand() && b.isSummand())) {
throw new ArithmeticException("Not a valid summand");
@ -724,7 +726,7 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public MutableElement setDifference(IntegerModuloP genB) {
assert IntegerPolynomial.this == genB.getField();
Element b = (Element) genB;
if (!(isSummand() && b.isSummand())) {
throw new ArithmeticException("Not a valid summand");
@ -747,7 +749,6 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public MutableElement setAdditiveInverse() {
for (int i = 0; i < limbs.length; i++) {
limbs[i] = -limbs[i];
}
@ -756,7 +757,6 @@ public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
@Override
public MutableElement setReduced() {
reduce(limbs);
numAdds = 0;
return this;
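Review bot: The field-consistency checks in `add`, `multiply`, `addModPowerTwo`, `conditionalSet`, `conditionalSwapWith`, `setValue`, `setProduct`, `setSum` and `setDifference` are written as `assert IntegerPolynomial.this == genB.getField();`, and Java evaluates `assert` only when the JVM runs with `-ea`. In a default production run the operand is therefore still cast with `(Element) genB` and its limbs are used even if it belongs to a different field, with no error raised. If mixing fields must never produce a silently wrong result, an unconditional guard in the style of the neighbouring summand check would fail closed, e.g. `if (IntegerPolynomial.this != genB.getField()) { throw new ArithmeticException("Operand belongs to a different field"); }`. If the `assert` form is deliberate because these are hot paths, a one-line comment saying so would help. The +/- markers are lost on this page, so which lines are new is inferred, and each method body continues outside its hunk.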

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@ import sun.security.util.math.*;
import static sun.security.ec.ECOperations.IntermediateValueException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.ProviderException;
import java.security.spec.*;
import java.util.Arrays;
@ -256,10 +257,8 @@ public class ECDSAOperations {
ecOps.setSum(p1, p2.asAffine());
IntegerModuloP result = p1.asAffine().getX();
result = result.additiveInverse().add(ri);
b2a(result, orderField, temp1);
return ECOperations.allZero(temp1);
return MessageDigest.isEqual(temp1, r);
}
public static ImmutableIntegerModuloP b2a(IntegerModuloP b,
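Review bot: The final comparison `return MessageDigest.isEqual(temp1, r);` is only correct if `temp1` and `r` have the same length and byte order, and nothing in this hunk documents that. `isEqual` returns false for arrays of different length, so a mismatch would fail closed but could reject valid signatures. Assuming `getX()` yields an element of the curve's coordinate field, a comment above `b2a(result, orderField, temp1);` would guard against reintroducing cross-field arithmetic, for example `// x is in the curve field: convert it to the order field with b2a, then compare bytes with r; do not combine it with ri directly`. The diffstat lists two changed files, both under `src`, so no known-answer regression test for the miscalculation is part of this commit as shown. The method starts outside the hunk, so how `r` and `temp1` are sized and filled is not visible here.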