Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8308010

X509Key and PKCS8Key allows garbage bytes at the end

    XMLWordPrintable

Details

    Description

      Both `PKCS8Key::<init>(byte[])` and `X509::decode(byte[])` wrap the input bytes into a `ByteArrayInputStream` and then parse it. This means if there are any extra bytes after the end of the key they will not be detected and the key parsing succeeds.

      This can be demonstrated with
      ```
              KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(Arrays.copyOf(
                      KeyPairGenerator.getInstance("EC").generateKeyPair().getPublic().getEncoded(), 1000)));
      ```

      Attachments

        Issue Links

          There are no Sub-Tasks for this issue.

          Activity

            People

              weijun Weijun Wang
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: