<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<div dir="ltr">
<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<p style="margin: 0px; font-size: 19px; line-height: normal; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal">Hello Michael,</span></p>
<p style="margin: 0px; font-size: 19px; line-height: normal; min-height: 24px; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal"></span><br>
</p>
<p style="margin: 0px; font-size: 19px; line-height: normal; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal">thanks for the pointer, interesting read.</span></p>
<p style="margin: 0px; font-size: 19px; line-height: normal; min-height: 24px; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal"></span><br>
</p>
<p style="margin: 0px; font-size: 19px; line-height: normal; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal">I think the key takeaway from that discussion is that the Wycheproof test cases would have caught this problem and should probably be added to the OpenJDK tests. (I wonder, does Google not
run those in qualification builds?)</span></p>
<p style="margin: 0px; font-size: 19px; line-height: normal; min-height: 24px; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal"></span><br>
</p>
<p style="margin: 0px; font-size: 19px; line-height: normal; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal">The discussion itself is a bit strange with regard to expensive validations, since the null test is rather fast, but I suppose it is a sore point of non-safe curves, with Java previously having
a good track record.</span></p>
<p style="margin: 0px; font-size: 19px; line-height: normal; min-height: 24px; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal"></span><br>
</p>
<p style="margin: 0px; font-size: 19px; line-height: normal; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal">BTW for completeness the change from the April update is here, it does not only cover ECDSA but also DSA: https://github.com/openjdk/jdk/commit/e2f8ce9c3ff4518e070960bafa70ba780746aa5c</span></p>
<p style="margin: 0px; font-size: 19px; line-height: normal; min-height: 24px; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal"></span><br>
</p>
<p style="margin: 0px; font-size: 19px; line-height: normal; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal">While the ECDSA bug was introduced in Java 15, the DSA part of the patch has affected Java for ages (CVE is 7+). Those 7/8 fixes are available from some of the vendors (like Oracle and Azul); however,
the OpenJDK 8u repo seems not to be fixed yet: https://github.com/openjdk/jdk8u/blob/d91ee59b3c8cd76b945b517336351f496ab3ff56/jdk/src/share/classes/sun/security/provider/DSA.java#L302</span></p>
<p style="margin: 0px; font-size: 19px; line-height: normal; min-height: 24px; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">
<span style="font-family:UICTFontTextStyleBody;font-weight:normal"></span><br>
</p>
Regards</div>
<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Bernd</div>
<div id="ms-outlook-mobile-signature">
<div style="direction:ltr">-- </div>
<div style="direction:ltr">http://bernd.eckenfels.net</div>
</div>
</div>
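<p>An added example, not part of the thread and not OpenJDK code: the range check that the "null test" above refers to, applied to a fixed-width r || s signature before any curve or modular arithmetic is done. The class and method names are hypothetical, the sample inputs are constructed, and the same check covers ECDSA (group order n) and DSA (subgroup order q).</p>

```java
import java.math.BigInteger;
import java.util.Arrays;

// Added example (hypothetical names): pre-verification range check on (r, s).
public class SignatureRangeCheck {

    // True only if v lies in [1, order - 1].
    static boolean inRange(BigInteger v, BigInteger order) {
        if (v.signum() != 1) {
            return false;                 // rejects zero (the "null test") and negatives
        }
        return v.compareTo(order) == -1;  // rejects values at or above the order
    }

    // sig is the fixed-width r || s encoding; order is the ECDSA group
    // order n or the DSA subgroup order q.
    static boolean componentsInRange(byte[] sig, BigInteger order) {
        if (sig.length == 0 || sig.length % 2 != 0) {
            return false;                 // malformed length
        }
        int half = sig.length / 2;
        BigInteger r = new BigInteger(1, Arrays.copyOfRange(sig, 0, half));
        BigInteger s = new BigInteger(1, Arrays.copyOfRange(sig, half, sig.length));
        if (!inRange(r, order)) {
            return false;
        }
        return inRange(s, order);
    }

    public static void main(String[] args) {
        // Group order n of NIST P-256 (public curve parameter).
        BigInteger n = new BigInteger(
            "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16);

        byte[] zeros = new byte[64];      // constructed sample: r = 0, s = 0
        byte[] ones = new byte[64];       // constructed sample: r = 1, s = 1
        ones[31] = 1;
        ones[63] = 1;

        System.out.println("all-zero passes range check: " + componentsInRange(zeros, n));
        System.out.println("r=s=1 passes range check:    " + componentsInRange(ones, n));
    }
}
```

<p>Passing this check does not make a signature valid; it only decides whether the real verification may proceed. The cost is two sign tests and two comparisons per signature.</p>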
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> security-dev &lt;security-dev-retn@openjdk.java.net&gt; on behalf of Michael StJohns &lt;msj@nthpermutation.com&gt;<br>
<b>Sent:</b> Friday, April 22, 2022 12:39:38 AM<br>
<b>To:</b> security-dev@openjdk.java.net &lt;security-dev@openjdk.java.net&gt;<br>
<b>Subject:</b> CVE-2022-21449: Psychic Signatures in Java</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hi -<br>
<br>
FYI - This is currently getting some play time on the Crypto Forum <br>
Research Group (related to the IETF): <br>
<a href="https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/">https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/</a> The
<br>
thread starts here: <br>
<a href="https://mailarchive.ietf.org/arch/msg/cfrg/wlIuVws-pmccvbGbBrIBVBhN2GQ/">https://mailarchive.ietf.org/arch/msg/cfrg/wlIuVws-pmccvbGbBrIBVBhN2GQ/</a><br>
<br>
It's probably covered by an existing patch, but I thought the thread was <br>
a useful pointer to some tools.<br>
<br>
Later, Mike<br>
<br>
</div>
</span></font></div>
</body>
</html>