[jdk17u-dev] RFR: 8320597: RSA signature verification fails on signed data that does not encode params correctly
Martin Balao
mbalao at openjdk.org
Thu Dec 14 16:14:48 UTC 2023
On Thu, 14 Dec 2023 14:02:58 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 267:
>>
>>> 265: DerOutputStream oidout = new DerOutputStream();
>>> 266: oidout.putOID(oid);
>>> 267: out.write(DerValue.tag_Sequence, oidout);
>>
>> Can we write these lines in the same way as in the 22 patch? (out.write(DerValue.tag_Sequence, new DerOutputStream().putOID(oid));)
>
> No, we cannot. DerOutputStream::putOID() was changed in JDK20 to return itself: [JDK-8294987](https://github.com/openjdk/jdk/commit/823b53d8957ff06b66c35e676c25992e9707afe6#diff-cc247245c29a0ea3516813a4c50ac2b79c0d959c193082a1603c86d1a9dca6e3R319)
> It is not backported to JDK17, so putOID returns void.
Ah, I see. Thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk17u-dev/pull/2052#discussion_r1426935032