[jdk8u] RFR: 8285591: [11] add signum checks in DSA.java engineVerify [v2]

Martin Balao mbalao at openjdk.java.net
Mon Jun 6 14:35:01 UTC 2022


On Tue, 31 May 2022 15:11:11 GMT, Andrew John Hughes <andrew at openjdk.org> wrote:

>> This change was part of a security fix, JDK-8277233, for 17u during the April update. The rest of 8277233 did not apply to older releases, as it concerned code added to `src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java` by JDK-8237218 in 15u.
>> 
>> However, the additional checks in `src/java.base/share/classes/sun/security/provider/DSA.java` that were included in the patch are applicable to older releases.
>> 
>> I'm raising this for inclusion in 8u342 during rampdown as 17u already has it since the April update and 11u now has this backport. It would be good for 8u to be consistent as soon as possible.
>
> Andrew John Hughes has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since the last revision:
> 
>  - Merge remote-tracking branch 'jdk8u/master' into JDK-8285591
>  - Backport bf3438c5dc993b96d089cabb5318bfc64a6904a3

I will look into this today.

-------------

PR: https://git.openjdk.java.net/jdk8u/pull/11

