8286908: ECDSA signature should not return parameters

Reviewed-by: ascarpino, hchao, valeriep
2025-08-28 15:24:43 +02:00 · 2022-05-23 13:34:23 +00:00 · 2022-05-23 13:34:23 +00:00 · 8040aa0073
commit 8040aa0073
parent 689f80cbad
4 changed files with 73 additions and 49 deletions
--- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java
+++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
@ -151,17 +151,10 @@ public class SignatureUtil {
                    createAlgorithmParameters(sigName, paramBytes);
                paramSpec = RSAUtil.getParamSpec(params);
            } else if (sigName.contains("ECDSA")) {
-                try {
-                    Provider p = Signature.getInstance(sigName).getProvider();
-                    paramSpec = ECUtil.getECParameterSpec(p, paramBytes);
-                } catch (Exception e) {
-                    throw new ProviderException("Error handling EC parameters", e);
-                }
-                // ECUtil discards exception and returns null, so we need to check
-                // the returned value
-                if (paramSpec == null) {
-                    throw new ProviderException("Error handling EC parameters");
-                }
+                // Some certificates have params in an ECDSA algorithmID.
+                // According to RFC 3279 2.2.3 and RFC 5758 3.2,
+                // they are useless and should be ignored.
+                return null;
            } else {
                throw new ProviderException
                     ("Unrecognized algorithm for signature parameters " +
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
@ -213,10 +213,14 @@ public class AlgorithmId implements Serializable, DerEncoder {
                    || algid.equals(ed25519_oid)
                    || algid.equals(x448_oid)
                    || algid.equals(x25519_oid)
+                    || algid.equals(SHA1withECDSA_oid)
                    || algid.equals(SHA224withECDSA_oid)
                    || algid.equals(SHA256withECDSA_oid)
                    || algid.equals(SHA384withECDSA_oid)
                    || algid.equals(SHA512withECDSA_oid)) {
+                // RFC 3279 2.2.3: When the ecdsa-with-SHA1 algorithm identifier
+                // appears as the algorithm field in an AlgorithmIdentifier,
+                // the encoding MUST omit the parameters field.
                // RFC 4055 3.3: when an RSASSA-PSS key does not require
                // parameter validation, field is absent.
                // RFC 8410 3: for id-X25519, id-X448, id-Ed25519, and
@ -692,6 +696,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
    public static final ObjectIdentifier x448_oid =
            ObjectIdentifier.of(KnownOIDs.X448);

+    public static final ObjectIdentifier SHA1withECDSA_oid =
+            ObjectIdentifier.of(KnownOIDs.SHA1withECDSA);
    public static final ObjectIdentifier SHA224withECDSA_oid =
            ObjectIdentifier.of(KnownOIDs.SHA224withECDSA);
    public static final ObjectIdentifier SHA256withECDSA_oid =