Merge "Remove DH keygen special case"
am: 151ca156c5
Change-Id: I1cb9f5c294858e0ab8ffeadbce83f7c75119564e
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
index 1e426b1..ce21d3d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
@@ -73,10 +73,22 @@
private DHKeyGenerationParameters convertParams(SecureRandom random, DHParameterSpec dhParams)
{
+ // BEGIN Android-removed: Don't special-case DHDomainParameterSpec
+ // When DHDomainParameterSpec is special-cased here, it supplies a value for q that
+ // ultimately results in a smaller value of x, which runs afoul of the Wycheproof test
+ // com.google.security.wycheproof.DhTest.testKeyPairGenerator(). See the docs in DhTest
+ // for more details of why that requirement is made.
+ //
+ // While we believe this code would be safe (and likely somewhat faster), in the interest
+ // of being conservative we've disabled it to preserve the old behavior that also passes
+ // the Wycheproof test.
+ /*
if (dhParams instanceof DHDomainParameterSpec)
{
return new DHKeyGenerationParameters(random, ((DHDomainParameterSpec)dhParams).getDomainParameters());
}
+ */
+ // END Android-removed: Don't special-case DHDomainParameterSpec
return new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL()));
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
index cb5f7d8..a208fe1 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
@@ -77,10 +77,22 @@
private DHKeyGenerationParameters convertParams(SecureRandom random, DHParameterSpec dhParams)
{
+ // BEGIN Android-removed: Don't special-case DHDomainParameterSpec
+ // When DHDomainParameterSpec is special-cased here, it supplies a value for q that
+ // ultimately results in a smaller value of x, which runs afoul of the Wycheproof test
+ // com.google.security.wycheproof.DhTest.testKeyPairGenerator(). See the docs in DhTest
+ // for more details of why that requirement is made.
+ //
+ // While we believe this code would be safe (and likely somewhat faster), in the interest
+ // of being conservative we've disabled it to preserve the old behavior that also passes
+ // the Wycheproof test.
+ /*
if (dhParams instanceof DHDomainParameterSpec)
{
return new DHKeyGenerationParameters(random, ((DHDomainParameterSpec)dhParams).getDomainParameters());
}
+ */
+ // END Android-removed: Don't special-case DHDomainParameterSpec
return new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL()));
}