openjdk-17: Add patch for CVE-2022-21449

This commit is contained in:
Tee KOBAYASHI 2022-04-21 20:25:55 +09:00 committed by xtkoba
parent 11b8c1f168
commit 5b46eadf36
2 changed files with 77 additions and 1 deletions

View File

@ -0,0 +1,76 @@
From 2d4103a3d929e05edca98e7703e0869077966be7 Mon Sep 17 00:00:00 2001
From: Aleksei Voitylov <avoitylov@openjdk.org>
Date: Mon, 10 Jan 2022 21:08:58 +0000
Subject: [PATCH] 8277233: Improve ECDSA signature support
Reviewed-by: mbaesken
Backport-of: 34714d63f1be267c2bc2ae7a55f936deab8ea6d2
---
.../share/classes/sun/security/provider/DSA.java | 5 +++--
.../classes/sun/security/ec/ECDSAOperations.java | 13 +++++++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/java.base/share/classes/sun/security/provider/DSA.java b/src/java.base/share/classes/sun/security/provider/DSA.java
index a7c42a1f35a..6cbc7d0fbc9 100644
--- a/src/java.base/share/classes/sun/security/provider/DSA.java
+++ b/src/java.base/share/classes/sun/security/provider/DSA.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -362,7 +362,8 @@ protected boolean engineVerify(byte[] signature, int offset, int length)
s = new BigInteger(1, s.toByteArray());
}
- if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)) {
+ if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)
+ && r.signum() > 0 && s.signum() > 0) {
BigInteger w = generateW(presetP, presetQ, presetG, s);
BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
return v.equals(r);
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
index 00010d28d1b..af6b1e160ca 100644
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
import sun.security.util.math.*;
import static sun.security.ec.ECOperations.IntermediateValueException;
+import java.math.BigInteger;
import java.security.ProviderException;
import java.security.spec.*;
import java.util.Arrays;
@@ -200,7 +201,8 @@ public boolean verifySignedDigest(byte[] digest, byte[] sig, ECPoint pp) {
IntegerFieldModuloP field = ecOps.getField();
IntegerFieldModuloP orderField = ecOps.getOrderField();
- int length = (orderField.getSize().bitLength() + 7) / 8;
+ BigInteger mod = orderField.getSize();
+ int length = (mod.bitLength() + 7) / 8;
byte[] r;
byte[] s;
@@ -218,6 +220,13 @@ public boolean verifySignedDigest(byte[] digest, byte[] sig, ECPoint pp) {
System.arraycopy(sig, encodeLength, s, length - encodeLength, encodeLength);
}
+ BigInteger rb = new BigInteger(1, r);
+ BigInteger sb = new BigInteger(1, s);
+ if (rb.signum() == 0 || sb.signum() == 0
+ || rb.compareTo(mod) >= 0 || sb.compareTo(mod) >= 0) {
+ return false;
+ }
+
ArrayUtil.reverse(r);
ArrayUtil.reverse(s);
IntegerModuloP ri = orderField.getElement(r);

View File

@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Java development kit and runtime"
TERMUX_PKG_LICENSE="GPL-2.0"
TERMUX_PKG_MAINTAINER="@termux"
TERMUX_PKG_VERSION=17.0
TERMUX_PKG_REVISION=18
TERMUX_PKG_REVISION=19
TERMUX_PKG_SRCURL=https://github.com/termux/openjdk-mobile-termux/archive/ec285598849a27f681ea6269342cf03cf382eb56.tar.gz
TERMUX_PKG_SHA256=d7c6ead9d80d0f60d98d0414e9dc87f5e18a304e420f5cd21f1aa3210c1a1528
TERMUX_PKG_DEPENDS="freetype, giflib, libandroid-shmem, libandroid-spawn, libiconv, zlib, xorgproto, libx11, libxcursor, libxext, cups, fontconfig, libjpeg-turbo, libpng, libxrender, libxtst, libxrandr, libxt, libxi"