-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P2
-
Affects Version/s: 6, 6u16
-
Component/s: security-libs
-
b89
-
generic, sparc
-
generic, solaris_10
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2182500 | 6u18 | Valerie Peng | P2 | Closed | Fixed | b03 |
| JDK-2190516 | OpenJDK6 | Valerie Peng | P2 | Resolved | Fixed | b21 |
The constructor SignedObject(Serializable,PrivateKey,Signature) throws ProviderException in case when PrivateKey and Signature parameters are created using provider "SunPKCS11-Solaris".
Please see the minitest and it's output:
-----------------------------------------------------------
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
public class SignatureMinitest {
public static void main(String[] args) throws Exception {
String provider = "SunPKCS11-Solaris";
Signature sig = Signature.getInstance("SHA384withRSA", provider);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", provider);
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
PrivateKey privKey = kp.getPrivate();
PublicKey pubKey = kp.getPublic();
sig.initSign(privKey);
new SignedObject("Test string for getSignature test.", privKey, sig);
}
}
Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:483)
at java.security.Signature$Delegate.engineSign(Signature.java:1128)
at java.security.Signature.sign(Signature.java:522)
at java.security.SignedObject.sign(SignedObject.java:227)
at java.security.SignedObject.<init>(SignedObject.java:144)
at SignatureMinitest.main(SignatureMinitest.java:20)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
at sun.security.pkcs11.wrapper.PKCS11.C_Sign(Native Method)
at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:474)
... 5 more
-----------------------------------------------------------
Possibly the root cause is the key length, because the same code with provider "SunRsaSign" produces InvalidKeyException:
Exception in thread "main" java.security.InvalidKeyException: Key is too short for this signature algorithm
at sun.security.rsa.RSASignature.initCommon(RSASignature.java:111)
at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:93)
at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:84)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1095)
at java.security.Signature.initSign(Signature.java:480)
at SignatureMinitest.main(SignatureMinitest.java:19)
Please see the minitest and it's output:
-----------------------------------------------------------
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
public class SignatureMinitest {
public static void main(String[] args) throws Exception {
String provider = "SunPKCS11-Solaris";
Signature sig = Signature.getInstance("SHA384withRSA", provider);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", provider);
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
PrivateKey privKey = kp.getPrivate();
PublicKey pubKey = kp.getPublic();
sig.initSign(privKey);
new SignedObject("Test string for getSignature test.", privKey, sig);
}
}
Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:483)
at java.security.Signature$Delegate.engineSign(Signature.java:1128)
at java.security.Signature.sign(Signature.java:522)
at java.security.SignedObject.sign(SignedObject.java:227)
at java.security.SignedObject.<init>(SignedObject.java:144)
at SignatureMinitest.main(SignatureMinitest.java:20)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
at sun.security.pkcs11.wrapper.PKCS11.C_Sign(Native Method)
at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:474)
... 5 more
-----------------------------------------------------------
Possibly the root cause is the key length, because the same code with provider "SunRsaSign" produces InvalidKeyException:
Exception in thread "main" java.security.InvalidKeyException: Key is too short for this signature algorithm
at sun.security.rsa.RSASignature.initCommon(RSASignature.java:111)
at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:93)
at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:84)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1095)
at java.security.Signature.initSign(Signature.java:480)
at SignatureMinitest.main(SignatureMinitest.java:19)
- backported by
-
JDK-2190516 SignedObject constructor throws ProviderException if it's called using provider "SunPKCS11-Solaris"
-
- Resolved
-
-
-
- Closed
-