Holy crap! Recent Java runtimes have a completely broken ECDSA signature checking and no one noticed for years!

https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

Makes you wonder about the old adage, “don’t roll your own crypto”, but even the “experts” didn’t get this one right.

I guess this is why everyone uses Bouncy Castle for cryptography implementations.