[8u] RFR 8147502: Digest is incorrectly truncated for ECDSA signatures when the bit length of n is less than the field size
Andrew John Hughes
gnu.andrew at redhat.com
Tue Sep 3 03:44:46 UTC 2019
On 08/08/2019 20:40, Martin Balao wrote:
> Hi,
>
> I'd like to request a review for the jdk8u backport of 8147502 [1]:
>
> * http://cr.openjdk.java.net/~mbalao/webrevs/8147502/8147502.webrev.jdk8u.jdk.00/
>
> Changes:
>
> * SignatureDigestTruncate.java
> * Import of jdk.testlibrary.Convert
> * @library and @build jtreg tags
> * Backport of Convert.java
> * Test algorithm (changes to one with jdk8u support)
> * I've verified that the signature gets truncated with this algorithm
> debugging the libsunec.so code
> * Test expected value
> * Verified with BouncyCastle
> * The curve is unsupported in NSS since 2006 (NSS 3.10)
> * I've also compared the patch against the NSS library
>
> Patch and copyright changes were also needed.
>
> SignatureDigestTruncate test passed.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8147502
>
Bringing Convert.java in here is ok because we can't backport the
feature changeset "8171277: Elliptic Curves for Security in Crypto",
but, in cases like this, please explain why you have chosen to include
additional files/hunks beyond the original changes, so reviewers don't
have to duplicate the work of finding out the source of these changes.

Approved.

Thanks,
--
Andrew :)
Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew