Hello Michael,

thanks for the pointer, interesting read. I think the key takeaway from that discussion is that the Wycheproof test cases would have caught this problem and should probably be added to the OpenJDK tests. (I wonder, does Google not run those in qualification builds?) The discussion itself is a bit strange with regard to expensive validations, since the null test is rather fast, but I suppose it is a sore point of non-safe curves with Java having previously had a good track record.

BTW, for completeness, the change from the April update is here; it does not only cover ECDSA but also DSA: https://github.com/openjdk/jdk/commit/e2f8ce9c3ff4518e070960bafa70ba780746aa5c

While the ECDSA bug was introduced in Java 15, the DSA part of the patch affects Java for ages (the CVE is 7+). Those 7/8 fixes are available from some of the vendors (like Oracle and Azul); however, the OpenJDK 8u repo seems to be not yet fixed: https://github.com/openjdk/jdk8u/blob/d91ee59b3c8cd76b945b517336351f496ab3ff56/jdk/src/share/classes/sun/security/provider/DSA.java#L302

Regards
Bernd
--
http://bernd.eckenfels.net

________________________________
From: security-dev <security-dev-r...@openjdk.java.net> on behalf of Michael StJohns <m...@nthpermutation.com>
Sent: Friday, April 22, 2022 12:39:38 AM
To: security-dev@openjdk.java.net <security-dev@openjdk.java.net>
Subject: CVE-2022-21449: Psychic Signatures in Java

Hi -

FYI - This is currently getting some play time on the Crypto Forum Research Group (related to the IETF):
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

The thread starts here: https://mailarchive.ietf.org/arch/msg/cfrg/wlIuVws-pmccvbGbBrIBVBhN2GQ/

It's probably covered by an existing patch, but I thought the thread was a useful pointer to some tools.

Later, Mike
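As an added example, not part of either message above: a regression check in the spirit of the Wycheproof test cases Bernd mentions, suitable for a qualification build. It asks the default provider to verify a DER signature whose r and s are both zero, for ECDSA and for DSA (the two algorithms the April fix covers); the class and method names and the fixed test message are my own.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

// Regression check for the missing r/s range check fixed in CVE-2022-21449:
// a signature SEQUENCE { INTEGER 0, INTEGER 0 } must never verify, for any key
// and any message. A patched runtime returns false (or throws); an unpatched
// one accepts it.
public class ZeroSignatureCheck {

    // DER: SEQUENCE (0x30) of length 6 holding two INTEGERs (0x02) of length 1, value 0.
    private static final byte[] ZERO_R_ZERO_S =
            {0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00};

    // True means the provider accepted the all-zero signature, i.e. the fix is missing.
    static boolean acceptsZeroSignature(KeyPair kp, String sigAlg)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(kp.getPublic());
        // Constructed message; its content is irrelevant to the check.
        verifier.update("qualification-build probe".getBytes(StandardCharsets.UTF_8));
        try {
            return verifier.verify(ZERO_R_ZERO_S);
        } catch (SignatureException e) {
            return false; // rejection by exception is an acceptable outcome
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(new ECGenParameterSpec("secp256r1"));
        boolean ecVulnerable = acceptsZeroSignature(ec.generateKeyPair(), "SHA256withECDSA");

        KeyPairGenerator dsa = KeyPairGenerator.getInstance("DSA");
        dsa.initialize(2048);
        boolean dsaVulnerable = acceptsZeroSignature(dsa.generateKeyPair(), "SHA256withDSA");

        System.out.println("ECDSA accepts (r=0, s=0): " + ecVulnerable);
        System.out.println("DSA   accepts (r=0, s=0): " + dsaVulnerable);
        if (ecVulnerable || dsaVulnerable) {
            System.out.println("Runtime is missing the CVE-2022-21449 fix.");
            System.exit(1);
        }
    }
}
```

Run it against each JDK build you ship; a non-zero exit marks a runtime that still needs the patch from the commit linked above.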
thanks for the pointer, interesting read. I think the key takeaway from that discussion is, that the Wycheproof Testcases would have catched this problem and should probably be added to the OpenJDK tests. (I wonder, does Google not run those in qualification builds?) The discussion itself is a bit strange in regards to expensive validations since the null test is rather fast, but I suppose it is a sore point of non-safe curves with Java having previously good track records. BTW for completeness the change from the April update is here, it does not only cover ECDSA but also DSA: https://github.com/openjdk/jdk/commit/e2f8ce9c3ff4518e070960bafa70ba780746aa5c While the ECDSA Bug is introduced in java 15 the DSA part of the patch affects Java for ages (CVE is 7+). Those 7/8 fixes are available from some of the vendors (like Oracle and Azul), however the OpenJDK 8u Repo seems to be not yet fixed: https://github.com/openjdk/jdk8u/blob/d91ee59b3c8cd76b945b517336351f496ab3ff56/jdk/src/share/classes/sun/security/provider/DSA.java#L302 Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: security-dev <security-dev-r...@openjdk.java.net> im Auftrag von Michael StJohns <m...@nthpermutation.com> Gesendet: Friday, April 22, 2022 12:39:38 AM An: security-dev@openjdk.java.net <security-dev@openjdk.java.net> Betreff: CVE-2022-21449: Psychic Signatures in Java Hi - FYI - This is currently getting some play time on the Crypto Forum Research Group (related to the IETF): https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ The thread starts here: https://mailarchive.ietf.org/arch/msg/cfrg/wlIuVws-pmccvbGbBrIBVBhN2GQ/ It's probably covered by an existing patch, but I thought the thread was a useful pointer to some tools. Later, Mike