[jdk8u] RFR: 8285591: [11] add signum checks in DSA.java engineVerify
Andrew John Hughes
andrew at openjdk.java.net
Mon May 30 16:31:18 UTC 2022
This change was part of a security fix, JDK-8277233, for 17u during the April update. The rest of 8277233 did not apply to older releases, as it concerned code added to ` src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java` by JDK-8237218 in 15u.
However, the additional checks in `src/java.base/share/classes/sun/security/provider/DSA.java` that were included in the patch are applicable to older releases.
I'm raising this for inclusion in 8u342 during rampdown as 17u already has it since the April update and 11u now has this backport. It would be good for 8u to be consistent as soon as possible.
-------------
Commit messages:
- Backport bf3438c5dc993b96d089cabb5318bfc64a6904a3
Changes: https://git.openjdk.java.net/jdk8u/pull/11/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk8u&pr=11&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8285591
Stats: 3 lines in 1 file changed: 1 ins; 0 del; 2 mod
Patch: https://git.openjdk.java.net/jdk8u/pull/11.diff
Fetch: git fetch https://git.openjdk.java.net/jdk8u pull/11/head:pull/11
PR: https://git.openjdk.java.net/jdk8u/pull/11
More information about the jdk8u-dev
mailing list