RFR 8147502: Digest is incorrectly truncated for ECDSA signatures...
Adam Petcher
adam.petcher at oracle.com
Tue Mar 19 19:22:15 UTC 2019
Thanks! I updated the copyright in the push.
On 3/18/2019 12:26 PM, Jamil Nimeh wrote:
> Hi Adam, this looks good. For your test it seems perfectly reasonable
> to make a mock SecureRandom that lets you control the bits since
> you're trying to run a known-answer test for a function that would
> normally be non-deterministic. Just one really tiny nit, update the
> copyright on ec.c.
>
> --Jamil
>
> On 3/4/19 11:40 AM, Adam Petcher wrote:
>> webrev: https://cr.openjdk.java.net/~apetcher/8147502/webrev.00/
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8147502
>>
>> Please review this fix to a bug that causes ECDSA signatures to be
>> incorrect in some cases. The fix is simple, but testing this issue is
>> difficult because the API doesn't give access to the raw signing
>> operation so we can check it using known answer tests. I got around
>> this difficulty in the regression test by using a modified
>> SecureRandom that supplies specific bits in order to produce the
>> correct nonce. The test is a bit complicated and brittle, so if
>> anyone has any other suggestions on how to do this, please share.
>>