Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 15
Affects Version/s: 8, 11, 15
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b19
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8249767	11.0.9-oracle	Valerie Peng	P3	Resolved	Fixed	b02
JDK-8249863	11.0.9	Valerie Peng	P3	Resolved	Fixed	b01
JDK-8250835	openjdk8u272	Valerie Peng	P3	Resolved	Fixed	b02
JDK-8249766	8u271	Valerie Peng	P3	Resolved	Fixed	b02
JDK-8251766	emb-8u271	Valerie Peng	P3	Resolved	Fixed	team

The following piece of code fails with an InvalidKeySpecException:

-------------
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
        KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
        kpg.initialize(new RSAKeyGenParameterSpec(2048,
                RSAKeyGenParameterSpec.F4,
                new PSSParameterSpec(
                        "SHA-384", "MGF1",
                        new MGF1ParameterSpec("SHA-384"),
                        48, PSSParameterSpec.TRAILER_FIELD_BC)));
        kf.generatePublic(new X509EncodedKeySpec(
                kpg.generateKeyPair().getPublic().getEncoded()));
---------------

Caused by: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10
at java.base/sun.security.rsa.RSAUtil$KeyType.lookup(RSAUtil.java:66)
at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:142)
at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:133)
at java.base/sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:130)

Cause
=====

This is because when the key is read, the parameters of the AlgorithmId is instantiated with the OID (in AlgorithmId::decodeParams, algParams = AlgorithmParameters.getInstance(algidString)), so its getAlgorithm() always returns the OID string, and cannot be recognized by RSAUtil::lookup.

Suggested fix:
===========

diff --git a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
--- a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
@@ -63,6 +63,9 @@
                 }
             }
             // no match
+ if (name.equals(AlgorithmId.RSASSA_PSS_oid.toString())) {
+ return PSS;
+ }
             throw new ProviderException("Unsupported algorithm " + name);
         }
     }

backported by

JDK-8249766 Cannot load RSASSA-PSS public key with non-null params from byte array

Resolved

JDK-8249767 Cannot load RSASSA-PSS public key with non-null params from byte array

Resolved

JDK-8249863 Cannot load RSASSA-PSS public key with non-null params from byte array

Resolved

JDK-8250835 Cannot load RSASSA-PSS public key with non-null params from byte array

Resolved

JDK-8251766 Cannot load RSASSA-PSS public key with non-null params from byte array

Resolved

blocks

JDK-8242335 Additional Tests for RSASSA-PSS

Resolved

duplicates

JDK-8242620 Cannot serialize RSASSA-PSS keys with non-null params

Closed

relates to

JDK-8146293 Add support for RSASSA-PSS Signature algorithm

Resolved

JDK-8278027 X509Key.decode exception while using JSafeJCE FIPS provider

Resolved

(1 blocks, 1 duplicates, 2 relates to)

Assignee:: Valerie Peng

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2020-04-13 01:41

Updated:: 2022-09-28 02:02

Resolved:: 2020-04-14 15:13

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates