openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #14152
[Bug 1797101] Re: incompatibility with libxmlsec
See https://bugs.openjdk.java.net/browse/JDK-8259535
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/1797101
Title:
incompatibility with libxmlsec
Status in openjdk-8 package in Ubuntu:
Confirmed
Bug description:
I was trying to file this bug at the openJDK bugtracker, but only
developers are allowed to do so. I got redirected to file it with my
distribution, so I hope that this is the right place to file this bug:
I am on Ubuntu 18.04.1 LTS and using openjdk
openjdk-8-jdk:
Installed: 8u181-b13-0ubuntu0.18.04.1
This issue relates to the XML DSIG implementation.
I have encountered a incompatibility with the xmlsec library available
at https://www.aleksey.com/xmlsec/ and also packaged in ubuntu. The
issue occurs occasionally when using ECDSA.
The XML field SignatureValue contains the base64 encoded concatentation of the values r and s. The libxmlsec expects to be the signature value to be of always the same size. The JDK implementation however sometimes generates shorter signatures. The length is selected as the bigger of the two integers: https://github.com/unofficial-openjdk/openjdk/blob/531ef5d0ede6d733b00c9bc1b6b3c14a0b2b3e81/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java#L75
My understanding of RFC 6931 Section 2.3.6. and also IEEE 1363 Section E.3.1 is that the length should only depend upon the respective curve and not upon the value of r and s. The line int 'rawLen = Math.max' however leads to a shorter output if both r and s contain leading zeros.
I have also opened a similar report at libxml: https://github.com/lsh123/xmlsec/issues/228
Best regards
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1797101/+subscriptions
References