Uploaded image for project: 'Commons'
  1. Commons
  2. COMMONS-309

ECDSA signing handler DER encoding loses sign bit

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 22.0.0, 23.0.0, 24.0.0
    • 24.0.0
    • JSON Web Token
    • None

      Description

      The fix for COMMONS-142 strips all leading zeroes from the ASN.1 integer values used when encoding ECDSA signatures into DER format. This can end up converting positive values to negative if the first non-zero byte has the high bit set. The Oracle/Sun ECDSA provider always interprets these values as unsigned so this does not matter, but other providers may not. In particular, when the JVM is configured to prefer the Bouncy Castle provider then this can fail as BC reads the values as signed integers and will reject negative values.

      The code should instead strip allĀ redundant leading zero bytes but ensure that sign is preserved:

      for (int index = 0; index < data.length - 1; index++) {
          if (data[index] != 0 || (data[index+1] & 0x80) != 0) {
              ...

        Attachments

          Activity

            People

            neil.madden Neil Madden
            neil.madden Neil Madden
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: