-
Bug
-
Resolution: Fixed
-
P4
-
None
-
b27
-
generic
-
generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8278651 | 19 | Xuelei Fan | P4 | Resolved | Fixed | team |
JDK-8320910 | 17.0.10 | Martin Balao Alonso | P4 | Resolved | Fixed | b05 |
The length of a DSA signature is the length of 'q' * 2. Thus, this [2] and this [3] does not look good to me (in the latter case assuming a CKM_DSA_SHA1 or similar DSA-based mechanism). Even when we can say 'larger does not harm', here [4] it does not hold true if we use a 256 'q'. Furthermore, with an accurate value we can avoid passing '0' here [5] and having 2 C_SignFinal native calls with 1 extra buffer allocation in the heap.
In my view, we should use an accurate value for the signature length in DSA, and we already have an API to get it from the actual key [6] (which translates to a PKCS#11 call to get the CKA_SUBPRIME attribute from a key). This API works even when the key is CKA_SENSITIVE = true (the value retrieved is not sensitive).
--
[1] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/java.base/share/classes/sun/security/provider/ParameterCache.java#L89
[2] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L301
[3] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L303
[4] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L827
[5] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L621
[6] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java#L773
- backported by
-
JDK-8278651 DSA signature length value is not accurate in P11Signature
- Resolved
-
JDK-8320910 DSA signature length value is not accurate in P11Signature
- Resolved
- relates to
-
JDK-8325254 CKA_TOKEN private and secret keys are not necessarily sensitive
- Resolved
-
JDK-8336499 Failure when creating non-CRT RSA private keys in SunPKCS11
- Resolved
-
JDK-8271510 Failure in P11Signature sign with 2048-bit DSA keys and NSS Software Token (JDK-11)
- In Progress
- links to
-
Commit openjdk/jdk17u-dev/9165f777
-
Commit openjdk/jdk/ea8d3c92
-
Review openjdk/jdk17u-dev/1982
-
Review openjdk/jdk/4961