From c6ba9e5187c1db60a601f93356a4f267a0e5fb8b Mon Sep 17 00:00:00 2001
From: xuelei
Date: Wed, 26 Mar 2014 03:45:30 +0000
Subject: [PATCH] 8037162: More robust DH exchanges

Reviewed-by: weijun, asmotrak, ahgross, robm
---
 src/share/classes/sun/security/util/KeyUtil.java | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/share/classes/sun/security/util/KeyUtil.java b/src/share/classes/sun/security/util/KeyUtil.java
index cbaa8a5e2..df7055a4c 100644
--- a/src/share/classes/sun/security/util/KeyUtil.java
+++ b/src/share/classes/sun/security/util/KeyUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -198,7 +198,16 @@ public final class KeyUtil {
 "Diffie-Hellman public key is too large");
 }
 
- // Don't bother to check against the y^q mod p if safe primes are used.
+ // y^q mod p == 1?
+ // Unable to perform this check as q is unknown in this circumstance.
+
+ // p is expected to be prime. However, it is too expensive to check
+ // that p is prime. Instead, in order to mitigate the impact of
+ // non-prime values, we check that y is not a factor of p.
+ BigInteger r = p.remainder(y);
+ if (r.equals(BigInteger.ZERO)) {
+ throw new InvalidKeyException("Invalid Diffie-Hellman parameters");
+ }
 }
 
 /**
-- 
GitLab
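Review bot: The new `p.remainder(y)` call in the second hunk relies on y having already passed a lower-bound check that the hunk does not show: with y == 0 `BigInteger.remainder` throws ArithmeticException instead of InvalidKeyException, and with y == 1 the remainder is always zero. Only the "too large" check is visible above, so the lower bound is presumably enforced earlier in the method; a comment at the new check should record that dependency, e.g. `// y has already passed the range checks above, so remainder() cannot divide by zero`. The comment should also state the limit of this test: it rejects only a y that divides a composite p, and it does not establish that p is prime or that y lies in the intended subgroup, so a pass is not full public-key validation. As a style point, `r.signum() == 0` is a more direct zero test than `r.equals(BigInteger.ZERO)`. The enclosing method begins outside the hunk.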