Public bug reported:

I was trying to file this bug at the openJDK bugtracker, but only
developers are allowed to do so. I got redirected to file it with my
distribution, so I hope that this is the right place to file this bug:

I am on Ubuntu 18.04.1 LTS and using openjdk
openjdk-8-jdk:
  Installed: 8u181-b13-0ubuntu0.18.04.1


This issue relates to the XML DSIG implementation.

I have encountered an incompatibility with the xmlsec library available
at https://www.aleksey.com/xmlsec/ and also packaged in Ubuntu. The
issue occurs occasionally when using ECDSA.

The XML field SignatureValue contains the base64 encoded concatenation of the
values r and s. The libxmlsec expects the signature value to always be of
the same size. The JDK implementation however sometimes generates shorter
signatures. The length is selected as the bigger of the two integers:
https://github.com/unofficial-openjdk/openjdk/blob/531ef5d0ede6d733b00c9bc1b6b3c14a0b2b3e81/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java#L75
My understanding of RFC 6931 Section 2.3.6. and also IEEE 1363 Section E.3.1 is
that the length should only depend upon the respective curve and not upon the
value of r and s. The line 'int rawLen = Math.max' however leads to a shorter
output if both r and s contain leading zeros.

I have also opened a similar report at libxml: 
https://github.com/lsh123/xmlsec/issues/228

Best regards

** Affects: openjdk-8 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1797101

Title:
  incompatibility with libxmlsec

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1797101/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
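
Added example, not part of the original report and not code from the JDK or xmlsec: a Python sketch of the two SignatureValue encodings the report contrasts (length taken from the larger of r and s versus length fixed by the curve), checked by a receiver that expects a constant size. All function names and the sample r and s values are assumptions constructed for illustration.

```python
import base64

# Octets per r or s value, fixed by the curve: ceil(field bits / 8).
CURVE_OCTETS = {"P-256": 32, "P-384": 48}

def der_to_ints(der):
    """Parse SEQUENCE { INTEGER r, INTEGER s }, short-form lengths only."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, out = 2, []
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = der[pos + 1]
        out.append(int.from_bytes(der[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != len(der):
        raise ValueError("INTEGER lengths do not match SEQUENCE length")
    return out[0], out[1]

def ints_to_der(r, s):
    """Build the DER form; used here only to construct sample input."""
    def integer(v):
        body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # sign bit stays clear
        return b"\x02" + bytes([len(body)]) + body
    payload = integer(r) + integer(s)
    return b"\x30" + bytes([len(payload)]) + payload

def raw_max_len(r, s):
    """Model of the reported behaviour: length follows the larger value."""
    n = max((r.bit_length() + 7) // 8, (s.bit_length() + 7) // 8)
    return r.to_bytes(n, "big") + s.to_bytes(n, "big")

def raw_fixed_len(r, s, curve):
    """Length comes from the curve alone, so leading zeros are kept."""
    n = CURVE_OCTETS[curve]
    return r.to_bytes(n, "big") + s.to_bytes(n, "big")

def strict_decode(b64, curve):
    """Receiver that expects exactly 2 * n octets for the curve."""
    raw, n = base64.b64decode(b64), CURVE_OCTETS[curve]
    if len(raw) != 2 * n:
        raise ValueError(f"got {len(raw)} octets, expected {2 * n}")
    return int.from_bytes(raw[:n], "big"), int.from_bytes(raw[n:], "big")

# Constructed sample (not a real signature): r and s each fit in 31 octets.
SAMPLE_R = int.from_bytes(b"\x11" * 31, "big")
SAMPLE_S = int.from_bytes(b"\x22" * 31, "big")
SAMPLE_DER = ints_to_der(SAMPLE_R, SAMPLE_S)
```

With the sample values, `raw_max_len` yields 62 octets and `raw_fixed_len` yields 64 for P-256, so only the fixed-length form passes `strict_decode`.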
