[8u-252] [urgent] 8241823: SignedObject throws NullPointerException for null keys with an initialized Signature object

Volker Simonis volker.simonis at gmail.com
Tue Mar 31 08:43:56 UTC 2020 

Hi 8u maintainers,

I know we're late for 8u252 but I'd still like to bring this trivial
fix into 8u252 because we think it fixes a serious regression which
will impact many users:

https://bugs.openjdk.java.net/browse/JDK-8241823
http://cr.openjdk.java.net/~simonis/webrevs/2020/8241823

This is a clean backport of "DK-8204152: SignedObject throws
NullPointerException for null keys with an initialized Signature
object" which unfortunately is a non-public issue. You can find the
original commit here:

http://hg.openjdk.java.net/jdk/jdk/rev/11c7290b85ff

Background and Justification
-----------------------------

The backport of "JDK-8146293: Add support for RSASSA-PSS Signature
algorithm" has introduced a regression which has been fixed in jdk11
by "JDK-8204152: SignedObject throws NullPointerException for null
keys with an initialized Signature object". Unfortunately, the fix
JDK-8204152 hasn't been downported along with JDK-8146293 and because
it is a non-public issue in JBS, we can't say if Oracle already has or
plans to downport it to their 8u version.

The regression is that sun.security.rsa.RSAKeyFactory::toRSAKey() now
throws NullPointerExceptions for "null" key arguments whereas before
it threw InvalidKeyExceptions. These new NullPointerExceptions
propagate through standard interfaces like
java.security.SignatureSpi::engineInitVerify() or
java.security.SignatureSpi::engineInitSign() into user code where they
can lead to crashes because of unhandled NullPointerExcpetions.

Because we've already observed several such crashes in our internal
testing and because we expect that other user code will be affected as
well we plan to fix this in our distribution, but of course it would
be much better if this issue will be fixed in upstream 8u right away.

In the RFR for JDK-8204152
(https://mail.openjdk.java.net/pipermail/security-dev/2018-June/017405.html)
the original author mentions:

"Can someone please help review this fix for addressing JCK test failure?
Changes are very trivial, just check for null and thrown
InvalidKeyException instead of letting NPE be thrown later"

Apparently, the Spec Lead of the JSR337 Maintenance Release 3 has
decided to exclude these tests in the latest version of the JCK for 8
MR 3 instead of downporting the corresponding fix, but nevertheless we
think the fix is important to prevent regressions in application code.

Thank you and best regards,
Volker

More information about the jdk8u-dev mailing list