-
Bug
-
Resolution: Fixed
-
P3
-
8, 11, 15
-
b19
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8249767 | 11.0.9-oracle | Valerie Peng | P3 | Resolved | Fixed | b02 |
JDK-8249863 | 11.0.9 | Valerie Peng | P3 | Resolved | Fixed | b01 |
JDK-8250835 | openjdk8u272 | Valerie Peng | P3 | Resolved | Fixed | b02 |
JDK-8249766 | 8u271 | Valerie Peng | P3 | Resolved | Fixed | b02 |
JDK-8251766 | emb-8u271 | Valerie Peng | P3 | Resolved | Fixed | team |
-------------
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
kpg.initialize(new RSAKeyGenParameterSpec(2048,
RSAKeyGenParameterSpec.F4,
new PSSParameterSpec(
"SHA-384", "MGF1",
new MGF1ParameterSpec("SHA-384"),
48, PSSParameterSpec.TRAILER_FIELD_BC)));
kf.generatePublic(new X509EncodedKeySpec(
kpg.generateKeyPair().getPublic().getEncoded()));
---------------
Caused by: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10
at java.base/sun.security.rsa.RSAUtil$KeyType.lookup(RSAUtil.java:66)
at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:142)
at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:133)
at java.base/sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:130)
Cause
=====
This is because when the key is read, the parameters of the AlgorithmId is instantiated with the OID (in AlgorithmId::decodeParams, algParams = AlgorithmParameters.getInstance(algidString)), so its getAlgorithm() always returns the OID string, and cannot be recognized by RSAUtil::lookup.
Suggested fix:
===========
diff --git a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
--- a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
@@ -63,6 +63,9 @@
}
}
// no match
+ if (name.equals(AlgorithmId.RSASSA_PSS_oid.toString())) {
+ return PSS;
+ }
throw new ProviderException("Unsupported algorithm " + name);
}
}
- backported by
-
JDK-8249766 Cannot load RSASSA-PSS public key with non-null params from byte array
-
- Resolved
-
-
JDK-8249767 Cannot load RSASSA-PSS public key with non-null params from byte array
-
- Resolved
-
-
JDK-8249863 Cannot load RSASSA-PSS public key with non-null params from byte array
-
- Resolved
-
-
JDK-8250835 Cannot load RSASSA-PSS public key with non-null params from byte array
-
- Resolved
-
-
JDK-8251766 Cannot load RSASSA-PSS public key with non-null params from byte array
-
- Resolved
-
- blocks
-
JDK-8242335 Additional Tests for RSASSA-PSS
-
- Resolved
-
- duplicates
-
JDK-8242620 Cannot serialize RSASSA-PSS keys with non-null params
-
- Closed
-
- relates to
-
JDK-8146293 Add support for RSASSA-PSS Signature algorithm
-
- Resolved
-
-
JDK-8278027 X509Key.decode exception while using JSafeJCE FIPS provider
-
- Resolved
-