Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fix java 15-18 ECDSA vulnerability. #1996

Merged
merged 1 commit into from
Apr 24, 2022
Merged

Fix java 15-18 ECDSA vulnerability. #1996

merged 1 commit into from
Apr 24, 2022

Conversation

boaks
Copy link
Contributor

@boaks boaks commented Apr 22, 2022

Add missing check of R and S after successful signature verification.
Applies only to DTLS, not TLS. TLS requires a fixed JCE!

Signed-off-by: Achim Kraus achim.kraus@bosch.io

@boaks boaks mentioned this pull request Apr 22, 2022
Closed
@boaks boaks force-pushed the fix_ecdsa branch 5 times, most recently from 6bd2126 to 64ad69c Compare April 23, 2022 07:18
Fix java 15-18 ECDSA vulnerability.
022565f 
Add missing check of signatures's R and S after successful signature
verification.
Applies only to DTLS, not TLS. TLS requires a fixed JCE!
The fixed x509 certificate path validation is executed by the
CertPathUtil.
If other implementations are used, the
Asn1DerDecoder.checkCertificateChain must be called there.

Signed-off-by: Achim Kraus <achim.kraus@bosch.io>
@boaks boaks merged commit 711d0f8 into eclipse-californium:master Apr 24, 2022
@boaks boaks deleted the fix_ecdsa branch April 29, 2022 09:31
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@boaks