termux/termux-packages
0
0
Fork 0
mirror of https://github.com/termux/termux-packages.git synced 2024-12-04 18:45:52 +00:00
Code
termux-packages/packages/openjdk-17/0027-8277233-Improve-ECDSA-signature-support.patch

80 lines
3.4 KiB
Diff
Raw Permalink Blame History

From 0340e303d7ae77f73a6451737a9e7e4583010fdd Mon Sep 17 00:00:00 2001
From: Aleksei Voitylov <avoitylov@openjdk.org>
Date: Mon, 10 Jan 2022 21:08:58 +0000
Subject: [PATCH] 8277233: Improve ECDSA signature support
Reviewed-by: mbaesken
Backport-of: 34714d63f1be267c2bc2ae7a55f936deab8ea6d2
---
.../share/classes/sun/security/provider/DSA.java | 5 +++--
.../classes/sun/security/ec/ECDSAOperations.java | 13 +++++++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/java.base/share/classes/sun/security/provider/DSA.java b/src/java.base/share/classes/sun/security/provider/DSA.java
index a7c42a1f35a0..6cbc7d0fbc98 100644
--- a/src/java.base/share/classes/sun/security/provider/DSA.java
+++ b/src/java.base/share/classes/sun/security/provider/DSA.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -362,7 +362,8 @@ abstract class DSA extends SignatureSpi {
s = new BigInteger(1, s.toByteArray());
}
- if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)) {
+ if ((r.compareTo(presetQ) == -1) && (s.compareTo(presetQ) == -1)
+ && r.signum() > 0 && s.signum() > 0) {
BigInteger w = generateW(presetP, presetQ, presetG, s);
BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
return v.equals(r);
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
index 00010d28d1b7..af6b1e160ca5 100644
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSAOperations.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@ import sun.security.util.ArrayUtil;
import sun.security.util.math.*;
import static sun.security.ec.ECOperations.IntermediateValueException;
+import java.math.BigInteger;
import java.security.ProviderException;
import java.security.spec.*;
import java.util.Arrays;
@@ -200,7 +201,8 @@ public class ECDSAOperations {
IntegerFieldModuloP field = ecOps.getField();
IntegerFieldModuloP orderField = ecOps.getOrderField();
- int length = (orderField.getSize().bitLength() + 7) / 8;
+ BigInteger mod = orderField.getSize();
+ int length = (mod.bitLength() + 7) / 8;
byte[] r;
byte[] s;
@@ -218,6 +220,13 @@ public class ECDSAOperations {
System.arraycopy(sig, encodeLength, s, length - encodeLength, encodeLength);
}
+ BigInteger rb = new BigInteger(1, r);
+ BigInteger sb = new BigInteger(1, s);
+ if (rb.signum() == 0 || sb.signum() == 0
+ || rb.compareTo(mod) >= 0 || sb.compareTo(mod) >= 0) {
+ return false;
+ }
+
ArrayUtil.reverse(r);
ArrayUtil.reverse(s);
IntegerModuloP ri = orderField.getElement(r);
--
2.44.0
View Git Blame Copy Permalink