[9] RFR 8161571: Verifying ECDSA signatures permits trailing bytes

Xuelei Fan xuelei.fan at oracle.com
Thu Jul 21 14:46:17 UTC 2016

Looks fine to me.

Just two minor comments.  The run tag in the test may be not necessary.
Like EC algorithm, maybe the PKCS11 implementation of RSA and DSA
algorithms can also be checked on some platform if not using provider

+      main0("RSA", 2048, "SHA256withRSA", null);
+      main0("DSA", 2048, "SHA256withDSA", null);


On 7/20/2016 3:10 AM, Vincent Ryan wrote:
> Please review this fix to apply stricter length checks when verifying public key signatures.
> Thanks.
> Bug: https://bugs.openjdk.java.net/browse/JDK-8161571
> Webrev: http://cr.openjdk.java.net/~vinnie/8161571/webrev.00/

More information about the security-dev mailing list