[9] RFR 8161571: Verifying ECDSA signatures permits trailing bytes
Vincent Ryan
vincent.x.ryan at oracle.com
Thu Jul 21 22:08:12 UTC 2016
Thanks for the review.
The PKCS11 implementation is a little peculiar in that it is configured out-of-the-box only for Solaris
and that implementation doesn’t support DSA. So I’ve added only the first of your additional lines below.
(NOTE the update to the Ucrypto provider)
Updated webrev at:
http://cr.openjdk.java.net/~vinnie/8161571/webrev.01/
> On 21 Jul 2016, at 15:46, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> Looks fine to me.
>
> Just two minor comments. The run tag in the test may be not necessary.
> Like EC algorithm, maybe the PKCS11 implementation of RSA and DSA
> algorithms can also be checked on some platform if not using provider
> option.
>
> + main0("RSA", 2048, "SHA256withRSA", null);
> + main0("DSA", 2048, "SHA256withDSA", null);
>
> Xuelei
>
> On 7/20/2016 3:10 AM, Vincent Ryan wrote:
>> Please review this fix to apply stricter length checks when verifying public key signatures.
>> Thanks.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8161571
>> Webrev: http://cr.openjdk.java.net/~vinnie/8161571/webrev.00/
>>
>
More information about the security-dev
mailing list