Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8320597

RSA signature verification fails on signed data that does not encode params correctly




      Updating Summary and Description to better reflect the cause:

      The fix for JDK-8302017 changed the way RSA signatures are verified, such that previously signed data that (incorrectly, according to RFC 8017) omitted the AlgorithmID params field instead of encoding it as an ASN.1 NULL can no longer be verified.

      Original Summary and Description:

      JDK 21.0.1 fails to validate signed XML (JDK < 21 and JDK 21+35 worked):

      CI for Apache POI discovered a regression between JDK 21 and 21.0.1 when signing/validating XML documents.

      See the reproducer project at https://github.com/centic9/poi-reproduce-signature

      It basically performs javax.xml.crypto.dsig.XMLSignature.validate(), which returns "true" for most JDK versions, but started to report "false" for JDK 21.0.1

      When executing the reproducer for various JDKs, we get the following results:
      Successfully validated document with 1.8.0_382
      Successfully validated document with 11.0.20
      Successfully validated document with 17.0.3
      Successfully validated document with 17.0.9
      Successfully validated document with 21

      However when runing with the recent JDK 21 patchlevel, I get the following:
      Exception in thread "main" java.lang.IllegalStateException: Not valid for 21.0.1
      Validate returned: false
      HasNext: true, validate: false
              at org.dstadler.poi.reproduce.Reproduce.main(Reproduce.java:105)

      So it seems there was a change in JDK 21.0.1 which introduced this, but none of the changes listed in https://www.oracle.com/java/technologies/javase/21all-relnotes.html for 21.0.1 seems to be the culprit.

      JDK used for compilation seems to not matter, changing the JDK used for execution seems to be enough to trigger the issue.

      It is possible to try to reduce the test more and take out Apache POI dependency, but would be some more work, so please let me know if you would like to get a more refined test-case.


        Issue Links



              weijun Weijun Wang
              dstadler Dominik Stadler
              0 Vote for this issue
              13 Start watching this issue