JDK-8286908 : ECDSA signature should not return parameters
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2022-05-17
  • Updated: 2022-05-23
  • Resolved: 2022-05-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 19
19 masterResolved
Related Reports
CSR :  
JDK-8286982 - ECDSA signature should not return parameters
Relates :  
JDK-8225745 - NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support
Sub Tasks
JDK-8286985 :  
Release Note: getParameters of ECDSA signature objects always return null - New
Description
The Signature::getParameters API can be used by a signer to combine its output along with the signature algorithm OID to create an algorithm identifier so that the verifier has enough info to verify the signature.

According to The ECDSA signature scheme for X.509 at https://datatracker.ietf.org/doc/html/rfc5758#section-3.2,

   When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
   ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
   as an AlgorithmIdentifier, the encoding MUST omit the parameters
   field.  That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one
   component, the OID ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-
   SHA384, or ecdsa-with-SHA512.

Notice the "MUST omit the parameters field" words inside. However, Java's ECDSA impl allows setting parameters and returning it at https://github.com/openjdk/jdk/blob/29e0f1386d247731e8733f6fdd1307642b2b9f96/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java#L530.
Comments
Changeset: 8040aa00 Author: Weijun Wang <weijun@openjdk.org> Date: 2022-05-23 13:34:23 +0000 URL: https://git.openjdk.java.net/jdk/commit/8040aa0073e7ea22b2fdff5bddff10c244e116ef
23-05-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk/pull/8758 Date: 2022-05-17 19:56:22 +0000
17-05-2022