Google Git
Sign in
android / platform / external / bouncycastle / cabf9a8310f3b538786a5c0e3d827b819e2c00b4^1..cabf9a8310f3b538786a5c0e3d827b819e2c00b4 / .
commitcabf9a8310f3b538786a5c0e3d827b819e2c00b4[log] [tgz]
authorAdam Vartanian <flooey@google.com>Fri Mar 01 10:22:44 2019 -0800
committerandroid-build-merger <android-build-merger@google.com>Fri Mar 01 10:22:44 2019 -0800
tree91198a5622bc505aab914986507f2270a40dcfe6
parentecdc66b850c597c40d84c23e4804eb274c57f9d2 [diff]
parent151ca156c5e7723d591ca3be0f98f30f0c86a294 [diff]
Merge "Remove DH keygen special case"
am: 151ca156c5

Change-Id: I1cb9f5c294858e0ab8ffeadbce83f7c75119564e

diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
index 1e426b1..ce21d3d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java

@@ -73,10 +73,22 @@
 
     private DHKeyGenerationParameters convertParams(SecureRandom random, DHParameterSpec dhParams)
     {
+        // BEGIN Android-removed: Don't special-case DHDomainParameterSpec
+        // When DHDomainParameterSpec is special-cased here, it supplies a value for q that
+        // ultimately results in a smaller value of x, which runs afoul of the Wycheproof test
+        // com.google.security.wycheproof.DhTest.testKeyPairGenerator().  See the docs in DhTest
+        // for more details of why that requirement is made.
+        //
+        // While we believe this code would be safe (and likely somewhat faster), in the interest
+        // of being conservative we've disabled it to preserve the old behavior that also passes
+        // the Wycheproof test.
+        /*
         if (dhParams instanceof DHDomainParameterSpec)
         {
             return new DHKeyGenerationParameters(random, ((DHDomainParameterSpec)dhParams).getDomainParameters());
         }
+        */
+        // END Android-removed: Don't special-case DHDomainParameterSpec
         return new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL()));
     }
 

diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
index cb5f7d8..a208fe1 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java

@@ -77,10 +77,22 @@
 
     private DHKeyGenerationParameters convertParams(SecureRandom random, DHParameterSpec dhParams)
     {
+        // BEGIN Android-removed: Don't special-case DHDomainParameterSpec
+        // When DHDomainParameterSpec is special-cased here, it supplies a value for q that
+        // ultimately results in a smaller value of x, which runs afoul of the Wycheproof test
+        // com.google.security.wycheproof.DhTest.testKeyPairGenerator().  See the docs in DhTest
+        // for more details of why that requirement is made.
+        //
+        // While we believe this code would be safe (and likely somewhat faster), in the interest
+        // of being conservative we've disabled it to preserve the old behavior that also passes
+        // the Wycheproof test.
+        /*
         if (dhParams instanceof DHDomainParameterSpec)
         {
             return new DHKeyGenerationParameters(random, ((DHDomainParameterSpec)dhParams).getDomainParameters());
         }
+        */
+        // END Android-removed: Don't special-case DHDomainParameterSpec
         return new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL()));
     }