Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 11
Affects Version/s: 11
Component/s: security-libs
Labels:
- conformance

Subcomponent:
java.security
Resolved In Build:
b24

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8208334	12	Valerie Peng	P3	Resolved	Fixed	b05
JDK-8208432	11.0.2	Valerie Peng	P3	Resolved	Fixed	b01
JDK-8209257	11.0.1	Valerie Peng	P3	Resolved	Fixed	b05
JDK-8239039	openjdk8u252	Bradford Wetmore	P3	Resolved	Fixed	b03
JDK-8238057	8u261	Bradford Wetmore	P3	Resolved	Fixed	b01
JDK-8238791	8u251	Bradford Wetmore	P3	Resolved	Fixed	b04
JDK-8246928	emb-8u261	Bradford Wetmore	P3	Resolved	Fixed	team
JDK-8239734	emb-8u251	Bradford Wetmore	P3	Resolved	Fixed	team

When I call this method "Signature.getInstance("RSASSA-PSS").getParameters()" without initializing the Signature parameters, I get the following exception,

Exception java.security.ProviderException: Missing required PSS parameters
at RSAPSSSignature.engineGetParameters (RSAPSSSignature.java:608)
at Signature$Delegate.engineGetParameters (Signature.java:1275)
======================================================
Signature#getParamters() specification says:
"The returned parameters may contain a combination of default and randomly generated parameter values used by the underlying signature implementation if this signature requires algorithm parameters but was not initialized with any."
Specification does not state any possible exceptions being thrown.
======================================================
Also, when I check with other algorithms like “RSA”, “DSA” , this issue is not there.
For e.g.
jshell> Signature.getInstance("SHA256withDSA").getParameters()
$58 ==> null

jshell> Signature.getInstance("SHA256withRSA").getParameters()
$59 ==> null
=====================================================
This bug is filed for clarification of specification (see comment)
Please clarify the specification to include a possible exception being thrown (ProviderException for RSASSA-PSS) or other possible exceptions for future Signature algorithms that require mandatory parameters by the user before any operations could be performed, and user did not set any parameters before using the Signature operations (sign, update, verify).
Or
null could be returned (as per specification)

backported by

JDK-8208334 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

JDK-8208432 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

JDK-8209257 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

JDK-8238057 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

JDK-8238791 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

JDK-8239039 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

JDK-8239734 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

JDK-8246928 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Resolved

csr for

JDK-8206864 Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

Closed

relates to

JDK-8146293 Add support for RSASSA-PSS Signature algorithm

Resolved

JDK-8209038 Clarify the javadoc of Cipher.getParameters()

Resolved

(3 backported by, 1 csr for, 2 relates to)

Assignee:: Valerie Peng

Reporter:: Bharath Nallakaluva (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2018-07-02 09:12

Updated:: 2020-06-09 02:56

Resolved:: 2018-07-23 16:24

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates