RFR: 8259535: ECDSA SignatureValue do not always have the specified length

Weijun Wang weijun at openjdk.java.net
Fri Feb 12 15:28:54 UTC 2021


The code change fixes the ECDSA XML signature length issue. It should only happened when there is no P1363 ECDSA support, which is not true when SunEC is used.

Technically, if a PrivateKey is not of ECPrivateKey the bug will still show up, and in this case we can actually look into the OID/parameter of the ASN.1 encoding and do further evaluation, but I think this is not worth doing. Please advise me if you think differently.

-------------

Commit messages:
 - 8259535: ECDSA SignatureValue do not always have the specified length

Changes: https://git.openjdk.java.net/jdk/pull/2550/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2550&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8259535
  Stats: 227 lines in 4 files changed: 216 ins; 2 del; 9 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2550.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2550/head:pull/2550

PR: https://git.openjdk.java.net/jdk/pull/2550



More information about the security-dev mailing list