CVE-2022-21449: Psychic Signatures in Java

Bernd Eckenfels ecki at zusammenkunft.net
Tue Apr 26 22:49:48 UTC 2022


Hello Michael,


Thanks for the pointer, interesting read.


I think the key takeaway from that discussion is that the Wycheproof test cases would have caught this problem and should probably be added to the OpenJDK tests. (I wonder, does Google not run those in qualification builds?)


The discussion itself is a bit strange in regard to expensive validations, since the null test is rather fast, but I suppose it is a sore point of non-safe curves, with Java having previously had a good track record.


BTW, for completeness, the change from the April update is here; it does not only cover ECDSA but also DSA: https://github.com/openjdk/jdk/commit/e2f8ce9c3ff4518e070960bafa70ba780746aa5c


While the ECDSA bug was introduced in Java 15, the DSA part of the patch has affected Java for ages (CVE is 7+). Those 7/8 fixes are available from some of the vendors (like Oracle and Azul); however, the OpenJDK 8u repo seems not to be fixed yet: https://github.com/openjdk/jdk8u/blob/d91ee59b3c8cd76b945b517336351f496ab3ff56/jdk/src/share/classes/sun/security/provider/DSA.java#L302


Regards
Bernd
--
http://bernd.eckenfels.net
________________________________
From: security-dev <security-dev-retn at openjdk.java.net> on behalf of Michael StJohns <msj at nthpermutation.com>
Sent: Friday, April 22, 2022 12:39:38 AM
To: security-dev at openjdk.java.net <security-dev at openjdk.java.net>
Subject: CVE-2022-21449: Psychic Signatures in Java

Hi -

FYI - This is currently getting some play time on the Crypto Forum
Research Group (related to the IETF):
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ The
thread starts here:
https://mailarchive.ietf.org/arch/msg/cfrg/wlIuVws-pmccvbGbBrIBVBhN2GQ/

It's probably covered by an existing patch, but I thought the thread was
a useful pointer to some tools.

Later, Mike
