--- a/jdk/src/java.base/share/classes/sun/security/provider/DSA.java Fri Jul 22 14:38:33 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSA.java Fri Jul 22 16:05:23 2016 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -329,6 +329,10 @@
r = values[0].getBigInteger();
s = values[1].getBigInteger();
+ // Check for trailing signature data
+ if (in.available() != 0) {
+ throw new IOException("Incorrect signature length");
+ }
} catch (IOException e) {
throw new SignatureException("invalid encoding for signature");
}
--- a/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java Fri Jul 22 14:38:33 2016 +0200
+++ b/jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java Fri Jul 22 16:05:23 2016 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package sun.security.ec;
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.math.BigInteger;
@@ -461,6 +462,11 @@
DerValue[] values = in.getSequence(2);
BigInteger r = values[0].getPositiveBigInteger();
BigInteger s = values[1].getPositiveBigInteger();
+
+ // Check for trailing signature data
+ if (in.available() != 0) {
+ throw new IOException("Incorrect signature length");
+ }
// trim leading zeroes
byte[] rBytes = trimZeroes(r.toByteArray());
byte[] sBytes = trimZeroes(s.toByteArray());
--- a/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Signature.java Fri Jul 22 14:38:33 2016 +0200
+++ b/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Signature.java Fri Jul 22 16:05:23 2016 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -742,6 +742,11 @@
DerValue[] values = in.getSequence(2);
BigInteger r = values[0].getPositiveBigInteger();
BigInteger s = values[1].getPositiveBigInteger();
+
+ // Check for trailing signature data
+ if (in.available() != 0) {
+ throw new IOException("Incorrect signature length");
+ }
byte[] br = toByteArray(r, 20);
byte[] bs = toByteArray(s, 20);
if ((br == null) || (bs == null)) {
@@ -761,6 +766,11 @@
DerValue[] values = in.getSequence(2);
BigInteger r = values[0].getPositiveBigInteger();
BigInteger s = values[1].getPositiveBigInteger();
+
+ // Check for trailing signature data
+ if (in.available() != 0) {
+ throw new IOException("Incorrect signature length");
+ }
// trim leading zeroes
byte[] br = KeyUtil.trimZeroes(r.toByteArray());
byte[] bs = KeyUtil.trimZeroes(s.toByteArray());
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java Fri Jul 22 14:38:33 2016 +0200
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java Fri Jul 22 16:05:23 2016 +0100
@@ -330,9 +330,9 @@
protected synchronized boolean engineVerify(byte[] sigBytes, int sigOfs, int sigLen)
throws SignatureException {
if (sigBytes == null || (sigOfs < 0) || (sigBytes.length < (sigOfs + this.sigLength))
- || (sigLen < this.sigLength)) {
- throw new SignatureException("Invalid signature buffer. sigOfs: " +
- sigOfs + ". sigLen: " + sigLen + ". this.sigLength: " + this.sigLength);
+ || (sigLen != this.sigLength)) {
+ throw new SignatureException("Invalid signature length: got " +
+ sigLen + " but was expecting " + this.sigLength);
}
int rv = doFinal(sigBytes, sigOfs, sigLen);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/Signature/SignatureLength.java Fri Jul 22 16:05:23 2016 +0100
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.*;
+
+/*
+ * @test
+ * @bug 8161571
+ * @summary Reject signatures presented for verification that contain extra
+ * bytes.
+ * @run main SignatureLength
+ */
+public class SignatureLength {
+
+ public static void main(String[] args) throws Exception {
+ main0("EC", 256, "SHA256withECDSA", "SunEC");
+ main0("RSA", 2048, "SHA256withRSA", "SunRsaSign");
+ main0("DSA", 2048, "SHA256withDSA", "SUN");
+
+ if (System.getProperty("os.name").equals("SunOS")) {
+ main0("EC", 256, "SHA256withECDSA", null);
+ main0("RSA", 2048, "SHA256withRSA", null);
+ }
+ }
+
+ private static void main0(String keyAlgorithm, int keysize,
+ String signatureAlgorithm, String provider) throws Exception {
+ byte[] plaintext = "aaa".getBytes("UTF-8");
+
+ // Generate
+ KeyPairGenerator generator =
+ provider == null ?
+ (KeyPairGenerator) KeyPairGenerator.getInstance(keyAlgorithm) :
+ (KeyPairGenerator) KeyPairGenerator.getInstance(
+ keyAlgorithm, provider);
+ generator.initialize(keysize);
+ System.out.println("Generating " + keyAlgorithm + " keypair using " +
+ generator.getProvider().getName() + " JCE provider");
+ KeyPair keypair = generator.generateKeyPair();
+
+ // Sign
+ Signature signer =
+ provider == null ?
+ Signature.getInstance(signatureAlgorithm) :
+ Signature.getInstance(signatureAlgorithm, provider);
+ signer.initSign(keypair.getPrivate());
+ signer.update(plaintext);
+ System.out.println("Signing using " + signer.getProvider().getName() +
+ " JCE provider");
+ byte[] signature = signer.sign();
+
+ // Invalidate
+ System.out.println("Invalidating signature ...");
+ byte[] badSignature = new byte[signature.length + 5];
+ System.arraycopy(signature, 0, badSignature, 0, signature.length);
+ badSignature[signature.length] = 0x01;
+ badSignature[signature.length + 1] = 0x01;
+ badSignature[signature.length + 2] = 0x01;
+ badSignature[signature.length + 3] = 0x01;
+ badSignature[signature.length + 4] = 0x01;
+
+ // Verify
+ Signature verifier =
+ provider == null ?
+ Signature.getInstance(signatureAlgorithm) :
+ Signature.getInstance(signatureAlgorithm, provider);
+ verifier.initVerify(keypair.getPublic());
+ verifier.update(plaintext);
+ System.out.println("Verifying using " +
+ verifier.getProvider().getName() + " JCE provider");
+
+ try {
+ System.out.println("Valid? " + verifier.verify(badSignature));
+ throw new Exception(
+ "ERROR: expected a SignatureException but none was thrown");
+ } catch (SignatureException e) {
+ System.out.println("OK: caught expected exception: " + e);
+ }
+ System.out.println();
+ }
+}