openjdk · vpaprotsk · Sep 26, 2023 · Oct 10, 2023 · Feb 19, 2024 · Mar 26, 2024
diff --git a/src/java.base/share/classes/sun/security/ec/ECOperations.java b/src/java.base/share/classes/sun/security/ec/ECOperations.java
@@ -205,7 +205,7 @@ public MutablePoint multiply(AffinePoint affineP, byte[] s) {
         PointMultiplier multiplier = null;
         if (getField() instanceof IntegerMontgomeryFieldModuloP
                 && affineP.equals(Secp256R1GeneratorMontgomeryMultiplier.generator)) {
-            // Lazy class loading when this function is called (large static constant table)
+            // Lazy class loading here
             multiplier = Secp256R1GeneratorMontgomeryMultiplier.multiplier;
         } else {
             multiplier = new DefaultMultiplier(this, affineP);
@@ -215,8 +215,8 @@ public MutablePoint multiply(AffinePoint affineP, byte[] s) {
     }
 
     /**
-     * Multiply an affine ecpoint point by a scalar and return the result as a mutable
-     * point.
+     * Multiply an affine ecpoint point by a scalar and return the result as a
+     * mutable point.
      *
      * @param ecPoint the point
      * @param s the scalar as a little-endian array
@@ -280,8 +280,8 @@ private void setDouble(ProjectivePoint.Mutable p, MutableIntegerModuloP t0,
      * Adds second Mutable (Projective) point to first.
      *
      * Used by ECDSAOperations. This method constructs new temporaries each time
-     * it is called. For better efficiency, the (private) method that reuses temporaries
-     * should be used if more than one sum will be computed.
+     * it is called. For better efficiency, the (private) method that reuses
+     * temporaries should be used if more than one sum will be computed.
      *
      * @param p first point and result
      * @param p2 second point to add
@@ -294,7 +294,8 @@ public void setSum(MutablePoint p, MutablePoint p2) {
         MutableIntegerModuloP t3 = zero.mutable();
         MutableIntegerModuloP t4 = zero.mutable();
 
-        setSum((ProjectivePoint.Mutable) p, (ProjectivePoint.Mutable) p2, t0, t1, t2, t3, t4);
+        setSum((ProjectivePoint.Mutable) p, (ProjectivePoint.Mutable) p2,
+            t0, t1, t2, t3, t4);
     }
 
     /*
@@ -543,13 +544,17 @@ private void double4(ProjectivePoint.Mutable p,
         }
     }
 
-    // Represents a multiplier with a larger precomputed table. Intended to be used for Basepoint multiplication
-    final static class Secp256R1GeneratorMontgomeryMultiplier implements PointMultiplier {
+    // Represents a multiplier with a larger precomputed table. Intended to be
+    // used for Basepoint multiplication
+    final static class Secp256R1GeneratorMontgomeryMultiplier
+        implements PointMultiplier {
         private static final ECOperations secp256r1Ops = new ECOperations(
-                MontgomeryIntegerPolynomialP256.ONE.getElement(CurveDB.P_256.getCurve().getB()),
-                P256OrderField.ONE);
-        public static final AffinePoint generator = AffinePoint.fromECPoint(CurveDB.P_256.getGenerator(), secp256r1Ops.getField());
-        public static final PointMultiplier multiplier = new Secp256R1GeneratorMontgomeryMultiplier();
+            MontgomeryIntegerPolynomialP256.ONE.getElement(
+                    CurveDB.P_256.getCurve().getB()), P256OrderField.ONE);
+        public static final AffinePoint generator = AffinePoint.fromECPoint(
+            CurveDB.P_256.getGenerator(), secp256r1Ops.getField());
+        public static final PointMultiplier multiplier =
+            new Secp256R1GeneratorMontgomeryMultiplier();
 
         private final ImmutableIntegerModuloP zero;
         private final ImmutableIntegerModuloP one;
@@ -566,7 +571,8 @@ private Secp256R1GeneratorMontgomeryMultiplier() {
             }
         }
 
-        private Secp256R1GeneratorMontgomeryMultiplier(IntegerFieldModuloP field, PointMultiplier smallTableMultiplier) {
+        private Secp256R1GeneratorMontgomeryMultiplier(
+            IntegerFieldModuloP field, PointMultiplier smallTableMultiplier) {
             zero = field.get0();
             one = field.get1();
 
@@ -628,7 +634,8 @@ private Secp256R1GeneratorMontgomeryMultiplier(IntegerFieldModuloP field, PointM
                         bi = bi.multiply(BigInteger.TWO.pow(d * 16));
                     }
                     if (w == 0) {
-                        points[d][0] = new ProjectivePoint.Immutable(zero.fixed(), one.fixed(), zero.fixed());
+                        points[d][0] = new ProjectivePoint.Immutable(
+                            zero.fixed(), one.fixed(), zero.fixed());
                     } else {
                         byte[] s = bi.toByteArray();
                         ArrayUtil.reverse(s);
@@ -685,12 +692,13 @@ protected void verifyTables(PointMultiplier multiplier) {
                         ArrayUtil.reverse(b);
                         System.arraycopy(b, 0, s, 0, b.length);
 
-                        // Compare this multiplier to the table (generated by Default multiplier)
+                        // Compare this multiplier to the table
+                        // (generated by Default multiplier)
                         AffinePoint m = multiplier.pointMultiply(s).asAffine();
                         AffinePoint v = points[d][w].asAffine();
                         if (!m.equals(v)) {
                             java.util.HexFormat hex = java.util.HexFormat.of();
-                            throw new RuntimeException("Bad multiple found at ["+d+"]["+w+"]" + hex.formatHex(s) + " " + m.getX().asBigInteger());
+                            throw new RuntimeException();
                         }
                     }
                 }

diff --git a/src/java.base/share/classes/sun/security/ec/point/AffinePoint.java b/src/java.base/share/classes/sun/security/ec/point/AffinePoint.java
@@ -95,14 +95,22 @@ public boolean equals(Object obj) {
             // both fields same
             xEquals = x.asBigInteger().equals(p.x.asBigInteger());
             yEquals = y.asBigInteger().equals(p.y.asBigInteger());
-        } else if (thisMont) { // mismatched fields should not happen in production, but useful in testing
-            IntegerMontgomeryFieldModuloP field = (IntegerMontgomeryFieldModuloP)x.getField();
-            xEquals = x.asBigInteger().equals(field.getElement(p.x.asBigInteger()).asBigInteger());
-            yEquals = y.asBigInteger().equals(field.getElement(p.y.asBigInteger()).asBigInteger());
+        } else if (thisMont) {
+            // mismatched fields should not happen in production, but useful in
+            // testing
+            IntegerMontgomeryFieldModuloP field =
+                (IntegerMontgomeryFieldModuloP)x.getField();
+            xEquals = x.asBigInteger().equals(
+                field.getElement(p.x.asBigInteger()).asBigInteger());
+            yEquals = y.asBigInteger().equals(
+                field.getElement(p.y.asBigInteger()).asBigInteger());
         } else {
-            IntegerMontgomeryFieldModuloP field = (IntegerMontgomeryFieldModuloP)p.x.getField();
-            xEquals = field.getElement(x.asBigInteger()).asBigInteger().equals(p.x.asBigInteger());
-            yEquals = field.getElement(y.asBigInteger()).asBigInteger().equals(p.y.asBigInteger());
+            IntegerMontgomeryFieldModuloP field =
+                (IntegerMontgomeryFieldModuloP)p.x.getField();
+            xEquals = field.getElement(
+                x.asBigInteger()).asBigInteger().equals(p.x.asBigInteger());
+            yEquals = field.getElement(
+                y.asBigInteger()).asBigInteger().equals(p.y.asBigInteger());
         }
         return xEquals && yEquals;
     }

diff --git a/src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java b/src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java
@@ -64,11 +64,10 @@
 
 public abstract sealed class IntegerPolynomial implements IntegerFieldModuloP
     permits IntegerPolynomial1305, IntegerPolynomial25519,
-            IntegerPolynomial448, IntegerPolynomialP256, MontgomeryIntegerPolynomialP256,
-            IntegerPolynomialP384, IntegerPolynomialP521,
-            IntegerPolynomialModBinP, P256OrderField,
-            P384OrderField, P521OrderField,
-            Curve25519OrderField,
+            IntegerPolynomial448, IntegerPolynomialP256,
+            MontgomeryIntegerPolynomialP256, IntegerPolynomialP384,
+            IntegerPolynomialP521, IntegerPolynomialModBinP, P256OrderField,
+            P384OrderField, P521OrderField, Curve25519OrderField,
             Curve448OrderField {
 
     protected static final BigInteger TWO = BigInteger.valueOf(2);