Hello Michael,
thanks for the pointer, interesting read.
I think the key takeaway from that discussion is that the Wycheproof test cases
would have caught this problem and should probably be added to the OpenJDK
tests. (I wonder, does Google not run those in qualification builds?)
The discussion itself is a bit strange in regards to expensive validations
since the null test is rather fast, but I suppose it is a sore point of
non-safe curves with Java having previously good track records.
BTW for completeness the change from the April update is here, it does not only
cover ECDSA but also DSA:
https://github.com/openjdk/jdk/commit/e2f8ce9c3ff4518e070960bafa70ba780746aa5c
While the ECDSA bug was introduced in Java 15, the DSA part of the patch affects
Java for ages (CVE is 7+). Those 7/8 fixes are available from some of the
vendors (like Oracle and Azul), however the OpenJDK 8u Repo seems to be not yet
fixed:
https://github.com/openjdk/jdk8u/blob/d91ee59b3c8cd76b945b517336351f496ab3ff56/jdk/src/share/classes/sun/security/provider/DSA.java#L302
Regards
Bernd
--
http://bernd.eckenfels.net
From: security-dev on behalf of Michael StJohns
Sent: Friday, April 22, 2022 12:39:38 AM
To: security-dev@openjdk.java.net
Subject: CVE-2022-21449: Psychic Signatures in Java
Hi -
FYI - This is currently getting some play time on the Crypto Forum
Research Group (related to the IETF):
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ The
thread starts here:
https://mailarchive.ietf.org/arch/msg/cfrg/wlIuVws-pmccvbGbBrIBVBhN2GQ/
It's probably covered by an existing patch, but I thought the thread was
a useful pointer to some tools.
Later, Mike
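
The "null test" mentioned in the reply above, read here as the standard ECDSA verification precondition that both r and s lie in [1, n-1], shown as an added example that is not part of the thread and not OpenJDK's code. The class and method names are hypothetical, the curve is assumed to be NIST P-256, and the inputs are constructed short-form DER encodings.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class SignatureRangeCheck {
    // Order n of the NIST P-256 group (public curve parameter).
    static final BigInteger P256_N = new BigInteger(
        "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16);

    // Reads one short-form DER INTEGER at off; returns {value, nextOffset}.
    static BigInteger[] readInt(byte[] der, int off) {
        if (off + 2 > der.length || der[off] != 0x02)
            throw new IllegalArgumentException("expected INTEGER");
        int len = der[off + 1] & 0xff;
        if (len == 0 || len > 0x7f || off + 2 + len > der.length)
            throw new IllegalArgumentException("bad length");
        // BigInteger(byte[]) is two's complement, so negative encodings stay negative.
        BigInteger v = new BigInteger(Arrays.copyOfRange(der, off + 2, off + 2 + len));
        return new BigInteger[] { v, BigInteger.valueOf(off + 2 + len) };
    }

    static boolean inGroupRange(BigInteger v, BigInteger n) {
        return v.signum() > 0 && v.compareTo(n) < 0;   // 1 <= v <= n-1
    }

    // True only if der is exactly SEQUENCE { r, s } with r and s in [1, n-1].
    // Passing this check does not make a signature valid; it is the
    // precondition that must hold before any curve arithmetic is done.
    static boolean hasValidRange(byte[] der, BigInteger n) {
        try {
            if (der.length < 2 || der[0] != 0x30 || (der[1] & 0xff) != der.length - 2)
                return false;
            BigInteger[] r = readInt(der, 2);
            BigInteger[] s = readInt(der, r[1].intValue());
            if (s[1].intValue() != der.length) return false;   // trailing bytes
            return inGroupRange(r[0], n) && inGroupRange(s[0], n);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: r = s = 0, and r = 5, s = 7.
        byte[] zeros = {0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00};
        byte[] small = {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07};
        System.out.println("r=s=0 in range: " + hasValidRange(zeros, P256_N));
        System.out.println("r=5,s=7 in range: " + hasValidRange(small, P256_N));
    }
}
```

The check costs two big-integer comparisons per value, which is negligible next to the scalar multiplications of the verification itself.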