JDK-8161571

Verifying ECDSA signatures permits trailing bytes

    • b129
    • generic
    • generic
    • Verified

        FULL PRODUCT VERSION :
        openjdk version "1.8.0_92"
        OpenJDK Runtime Environment (build 1.8.0_92-b14)
        OpenJDK 64-Bit Server VM (build 25.92-b14, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Linux nicks-dryden 4.5.7-200.fc23.x86_64 #1 SMP Wed Jun 8 17:41:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        Version of sunec.jar:

        unzip -p /usr/lib/jvm/jre/lib/ext/sunec.jar META-INF/MANIFEST.MF
        Manifest-Version: 1.0
        Implementation-Title: Java Runtime Environment
        Implementation-Version: 1.8.0_92
        Specification-Vendor: Oracle Corporation
        Specification-Title: Java Platform API Specification
        Implementation-Vendor-Id: com.sun
        Extension-Name: javax.crypto
        Specification-Version: 1.8
        Created-By: 1.8.0_92 (Oracle Corporation)
        Implementation-Vendor: N/A

        A DESCRIPTION OF THE PROBLEM :
        When verifying ECDSA signatures, the SunEC provider does not validate the signature length, causing signatures with bogus trailing bytes to be accepted.

        Having stepped through the source code, the problem is in sun.security.ec.ECDSASignature; the decodeSignature() method unpacks the DER signature but does not check for trailing bytes.

        REPRODUCIBILITY :
        This bug can be reproduced always.
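The check the report describes as missing, shown as an added example rather than JDK or reporter code: a strict decoder for the DER structure SEQUENCE { INTEGER r, INTEGER s } that rejects any byte after the SEQUENCE (the byte strings are constructed samples, not real signatures).

```python
# Added example, not JDK code: strict DER decoding of an ECDSA signature,
# SEQUENCE { INTEGER r, INTEGER s }, including the trailing-byte check the
# report says sun.security.ec.ECDSASignature.decodeSignature() lacked.
class MalformedSignature(ValueError):
    pass

def _read_length(buf, pos):
    # DER length at buf[pos]; returns (length, position after the length field).
    if pos >= len(buf):
        raise MalformedSignature("truncated length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise MalformedSignature("bad long-form length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _read_integer(buf, pos):
    # DER INTEGER at buf[pos]; r and s must be positive and minimally encoded.
    if pos >= len(buf) or buf[pos] != 0x02:
        raise MalformedSignature("expected INTEGER")
    length, pos = _read_length(buf, pos + 1)
    if length == 0 or pos + length > len(buf):
        raise MalformedSignature("bad INTEGER length")
    body = buf[pos:pos + length]
    if body[0] & 0x80 or (length > 1 and body[0] == 0 and not body[1] & 0x80):
        raise MalformedSignature("negative or non-minimal INTEGER")
    return int.from_bytes(body, "big"), pos + length

def decode_ecdsa_signature(sig):
    # Returns (r, s). Every byte of sig must belong to the outer SEQUENCE.
    if not sig or sig[0] != 0x30:
        raise MalformedSignature("expected SEQUENCE")
    seq_len, pos = _read_length(sig, 1)
    end = pos + seq_len
    if end != len(sig):  # the missing check: no bytes may follow the SEQUENCE
        raise MalformedSignature("signature truncated or has trailing bytes")
    r, pos = _read_integer(sig, pos)
    s, pos = _read_integer(sig, pos)
    if pos != end:
        raise MalformedSignature("unexpected data inside SEQUENCE")
    return r, s

def is_well_formed(sig):
    try:
        decode_ecdsa_signature(sig)
        return True
    except MalformedSignature:
        return False

GOOD_SIG = bytes.fromhex("300602010102017f")  # constructed: r = 1, s = 0x7F
TRAILING_SIG = GOOD_SIG + b"\x00\x00"  # same signature plus two bogus trailing bytes
```

A verifier that only parses r and s and ignores whatever follows accepts TRAILING_SIG as readily as GOOD_SIG; the length check above is what makes the encoding unambiguous.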

Assignee: Vincent Ryan
Reporter: Webbug Group