[9] RFR 8161571: Verifying ECDSA signatures permits trailing bytes
Xuelei Fan
xuelei.fan at oracle.com
Thu Jul 21 14:46:17 UTC 2016
Looks fine to me.
Just two minor comments. The run tag in the test may be not necessary.
Like EC algorithm, maybe the PKCS11 implementation of RSA and DSA
algorithms can also be checked on some platform if not using provider
option.
+ main0("RSA", 2048, "SHA256withRSA", null);
+ main0("DSA", 2048, "SHA256withDSA", null);
Xuelei
On 7/20/2016 3:10 AM, Vincent Ryan wrote:
> Please review this fix to apply stricter length checks when verifying public key signatures.
> Thanks.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8161571
> Webrev: http://cr.openjdk.java.net/~vinnie/8161571/webrev.00/
>
More information about the security-dev
mailing list