From 2d4103a3d929e05edca98e7703e0869077966be7 Mon Sep 17 00:00:00 2001 From: Aleksei Voitylov Date: Mon, 10 Jan 2022 21:08:58 +0000 Subject: [PATCH] 8277233: Improve ECDSA signature support Reviewed-by: mbaesken Backport-of: 34714d63f1be267c2bc2ae7a55f936deab8ea6d2 --- .../share/classes/sun/security/provider/DSA.java | 5 +++-- .../classes/sun/security/ec/ECDSAOperations.java | 13 +++++++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/java.base/share/classes/sun/security/provider/DSA.java b/src/java.base/share/classes/sun/security/provider/DSA.java index a7c42a1f35a..6cbc7d0fbc9 100644 --- a/src/java.base/share/classes/sun/security/provider/DSA.java +++ b/src/java.base/share/classes/sun/security/provider/DSA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -362,7 +362,8 @@ protected boolean engineVerify(byte[] signature, int offset, int length) s = new BigInteger(1, s.toByteArray()); } - if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)) { + if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1) + && r.signum() > 0 && s.signum() > 0) { BigInteger w = generateW(presetP, presetQ, presetG, s); BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r); return v.equals(r); diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java index 00010d28d1b..af6b1e160ca 100644 --- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java +++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ import sun.security.util.math.*; import static sun.security.ec.ECOperations.IntermediateValueException; +import java.math.BigInteger; import java.security.ProviderException; import java.security.spec.*; import java.util.Arrays; @@ -200,7 +201,8 @@ public boolean verifySignedDigest(byte[] digest, byte[] sig, ECPoint pp) { IntegerFieldModuloP field = ecOps.getField(); IntegerFieldModuloP orderField = ecOps.getOrderField(); - int length = (orderField.getSize().bitLength() + 7) / 8; + BigInteger mod = orderField.getSize(); + int length = (mod.bitLength() + 7) / 8; byte[] r; byte[] s; @@ -218,6 +220,13 @@ public boolean verifySignedDigest(byte[] digest, byte[] sig, ECPoint pp) { System.arraycopy(sig, encodeLength, s, length - encodeLength, encodeLength); } + BigInteger rb = new BigInteger(1, r); + BigInteger sb = new BigInteger(1, s); + if (rb.signum() == 0 || sb.signum() == 0 + || rb.compareTo(mod) >= 0 || sb.compareTo(mod) >= 0) { + return false; + } + ArrayUtil.reverse(r); ArrayUtil.reverse(s); IntegerModuloP ri = orderField.getElement(r);