[12] RFR 8215694: keytool cannot generate RSASSA-PSS certificates

Xue-Lei Fan xuelei.fan at oracle.com
Wed Jan 2 15:56:00 UTC 2019


sigAlg.equalsIgnoreCase("RSASSA-PSS"):
Do you really want to ignore the case?  I used to think that an 
algorithm name is case sensitive.

Main.java:1445 minor, 4 more indent?

AlgorithmId.java:1073-1091:
I may prefer to use cached parameters (for both AlgorithmParameters and 
AlgorithmParameterSpec) for each size, for performance.


Xuelei


On 12/21/2018 1:44 AM, Weijun Wang wrote:
> Please review
> 
>     https://cr.openjdk.java.net/~weijun/8215694/webrev.00/
> 
> This bug reveals several issues:
> 
> 1. Encoding of the RSASSA-PSS signature algorithm in PKCS10 and X509CertImpl.
> 
> 2. The missing setParameter() call for PKCS10 and X509CertImpl.
> 
> 3. All keytool commands of -genkeypair, -certreq, -gencert, -selfcert are affected.
> 
> 4. Wrong NULL after encoding of RSASSA-PSS key algorithm.
> 
> Please confirm this is safe to be fixed in JDK 12.
> 
> Thanks,
> Max
> 
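
The following added example (not code from the webrev or from either author in this thread) shows, from the application side, the two points raised above: the explicit setParameter() call an RSASSA-PSS Signature needs, and a cache of PSSParameterSpec objects chosen by key size. The class name, the size thresholds and the salt length equal to the digest length are assumptions made for illustration; it needs JDK 11 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class PssParamCache {
    // PSSParameterSpec is immutable, so one instance per digest can be shared.
    private static final Map<String, PSSParameterSpec> CACHE = new ConcurrentHashMap<>();

    // Assumption: these key-size thresholds are illustrative, not taken from the webrev.
    static PSSParameterSpec specFor(int keyBits) {
        String md = keyBits <= 3072 ? "SHA-256" : keyBits <= 7680 ? "SHA-384" : "SHA-512";
        return CACHE.computeIfAbsent(md, PssParamCache::build);
    }

    private static PSSParameterSpec build(String md) {
        int saltLen = Integer.parseInt(md.substring(4)) / 8; // salt length = digest length
        return new PSSParameterSpec(md, "MGF1", new MGF1ParameterSpec(md),
                saltLen, PSSParameterSpec.TRAILER_FIELD_BC);
    }

    static byte[] sign(PrivateKey key, PSSParameterSpec spec, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.initSign(key);
        s.setParameter(spec); // PSS has no implicit digest/MGF/salt; they must be supplied
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey key, PSSParameterSpec spec, byte[] msg, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("RSASSA-PSS");
        v.initVerify(key);
        v.setParameter(spec); // the verifier must use the same parameters as the signer
        v.update(msg);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        PSSParameterSpec spec = specFor(2048);
        System.out.println("verified: " + verify(kp.getPublic(), spec, msg, sign(kp.getPrivate(), spec, msg)));
        System.out.println("same cached spec: " + (specFor(3072) == spec));
    }
}
```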

