incompatibility with libxmlsec
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openjdk-8 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| xmlsec1 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
I was trying to file this bug at the openJDK bugtracker, but only developers are allowed to do so. I got redirected to file it with my distribution, so I hope that this is the right place to file this bug:
I am on Ubuntu 18.04.1 LTS and using openjdk
openjdk-8-jdk:
Installed: 8u181-b13-
This issue relates to the XML DSIG implementation.
I have encountered a incompatibility with the xmlsec library available at https:/
The XML field SignatureValue contains the base64 encoded concatentation of the values r and s. The libxmlsec expects to be the signature value to be of always the same size. The JDK implementation however sometimes generates shorter signatures. The length is selected as the bigger of the two integers: https:/
My understanding of RFC 6931 Section 2.3.6. and also IEEE 1363 Section E.3.1 is that the length should only depend upon the respective curve and not upon the value of r and s. The line int 'rawLen = Math.max' however leads to a shorter output if both r and s contain leading zeros.
I have also opened a similar report at libxml: https:/
Best regards
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in openjdk-8 (Ubuntu): | |
| status: | New → Confirmed |
| Manuel Biscaia (mbiscaia) wrote | #2 |
| tags: | added: bionic |
| Thorsten Glaser (mirabilos) wrote | #3 |
| Changed in openjdk-8 (Ubuntu): | |
| status: | Confirmed → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.