[jdk17u-dev] RFR: 8320597: RSA signature verification fails on signed data that does not encode params correctly

Martin Balao mbalao at openjdk.org
Thu Dec 14 07:30:48 UTC 2023


On Wed, 13 Dec 2023 23:55:14 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:

> Backport is not clean because encodeSignature and decodeSignature methods belong to the RSASignature class (not RSAUtil).
> This is the reason for no changes in the RSAUtil class.

src/java.base/share/classes/sun/security/rsa/RSASignature.java line 267:

> 265:         DerOutputStream oidout = new DerOutputStream();
> 266:         oidout.putOID(oid);
> 267:         out.write(DerValue.tag_Sequence, oidout);
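
Review bot: a comment is missing at line 265 to say whether the bare AlgorithmIdentifier is intended. As quoted, oidout receives only putOID(oid) before it is wrapped in the SEQUENCE at line 267, so that SEQUENCE carries the OID with no parameters element after it. Since this change concerns signed data that does not encode params correctly, a one-line comment naming which encoding these lines produce would help the next reader and would survive the one-line rewrite suggested for line 267.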

Can we write these lines in the same way as in the 22 patch? (out.write(DerValue.tag_Sequence, new DerOutputStream().putOID(oid));)

-------------

PR Review Comment: https://git.openjdk.org/jdk17u-dev/pull/2052#discussion_r1426310509

