changeset 53397:bc1de01b3e78

8217344: Make comparison overflow-aware in ECDHKeyAgreement.engineGenerateSecret() Reviewed-by: apetcher
author igerasim
date Fri, 18 Jan 2019 15:44:17 -0800
parents d74b1c8e632a
children dd1be616c95e
files src/jdk.crypto.ec/share/classes/sun/security/ec/ECDHKeyAgreement.java src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java
diffstat 2 files changed, 4 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDHKeyAgreement.java	Fri Jan 18 18:21:50 2019 -0500
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDHKeyAgreement.java	Fri Jan 18 15:44:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -178,7 +178,7 @@
     @Override
     protected int engineGenerateSecret(byte[] sharedSecret, int
             offset) throws IllegalStateException, ShortBufferException {
-        if (offset + secretLen > sharedSecret.length) {
+        if (secretLen > sharedSecret.length - offset) {
             throw new ShortBufferException("Need " + secretLen
                 + " bytes, only " + (sharedSecret.length - offset)
                 + " available");
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java	Fri Jan 18 18:21:50 2019 -0500
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java	Fri Jan 18 15:44:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -163,7 +163,7 @@
             if (len <= 0) {
                 return;
             }
-            if (offset + len >= precomputedDigest.length) {
+            if (len >= precomputedDigest.length - offset) {
                 offset = RAW_ECDSA_MAX + 1;
                 return;
             }