RFR 8147502: Digest is incorrectly truncated for ECDSA signatures...

Adam Petcher adam.petcher at oracle.com
Tue Mar 19 19:22:15 UTC 2019


Thanks! I updated the copyright in the push.

On 3/18/2019 12:26 PM, Jamil Nimeh wrote:
> Hi Adam, this looks good.  For your test it seems perfectly reasonable 
> to make a mock SecureRandom that lets you control the bits since 
> you're trying to run a known-answer test for a function that would 
> normally be non-deterministic.  Just one really tiny nit, update the 
> copyright on ec.c.
>
> --Jamil
>
> On 3/4/19 11:40 AM, Adam Petcher wrote:
>> webrev: https://cr.openjdk.java.net/~apetcher/8147502/webrev.00/
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8147502
>>
>> Please review this fix to a bug that causes ECDSA signatures to be 
>> incorrect in some cases. The fix is simple, but testing this issue is 
>> difficult because the API doesn't give access to the raw signing 
>> operation so we can check it using known answer tests. I got around 
>> this difficulty in the regression test by using a modified 
>> SecureRandom that supplies specific bits in order to produce the 
>> correct nonce. The test is a bit complicated and brittle, so if 
>> anyone has any other suggestions on how to do this, please share.
>>
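The mock-SecureRandom approach discussed in this thread, as an added example that is not the JDK regression test or code from any participant: a hypothetical `FixedRandom` subclass returns caller-chosen bytes, so signing the same message twice gives the same signature. The class name, method names and sample bytes are constructed, and the code assumes the provider draws the nonce from the supplied `SecureRandom` via `nextBytes`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public class FixedRandomEcdsaDemo {
    // Hypothetical test helper: hands back caller-chosen bytes instead of entropy.
    // Test use only: a repeated ECDSA nonce on different messages exposes the private key.
    static final class FixedRandom extends SecureRandom {
        private final byte[] fixed;
        FixedRandom(byte[] fixed) { this.fixed = fixed.clone(); }
        @Override
        public void nextBytes(byte[] out) {
            for (int i = 0; i < out.length; i++) {
                out[i] = fixed[i % fixed.length]; // repeat the pattern for any request size
            }
        }
    }

    static byte[] sign(PrivateKey key, byte[] msg, SecureRandom rnd)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key, rnd); // assumption: the provider takes its nonce bits from rnd
        s.update(msg);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        byte[] bits = {0x01, 0x23, 0x45, 0x67}; // constructed sample bytes

        // Same key, message and "random" bits: the two signatures must be identical.
        byte[] a = sign(kp.getPrivate(), msg, new FixedRandom(bits));
        byte[] b = sign(kp.getPrivate(), msg, new FixedRandom(bits));
        if (!Arrays.equals(a, b)) throw new AssertionError("signing not deterministic");

        // The deterministic signature must still verify under the public key.
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(kp.getPublic());
        v.update(msg);
        if (!v.verify(a)) throw new AssertionError("signature rejected");
        System.out.println("deterministic and valid, " + a.length + " bytes");
    }
}
```

A known-answer test would additionally pin the private key and choose bytes that yield the test vector's nonce; how a provider maps those bytes to the nonce is implementation-specific.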



More information about the security-dev mailing list