RFR[13] JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support
Weijun Wang
weijun.wang at oracle.com
Wed Jul 3 03:27:45 UTC 2019
    private static boolean isCompatible(ECParameterSpec sigParams,
            ECParameterSpec keyParams) {
        if (sigParams == null) {
            // no restriction on key param
            return true;
        }
        return sigParams.equals(keyParams);
    }

What does "sigParams.equals(keyParams)" mean here? What is the getClass() of those 2 ECParameterSpec objects?
Or maybe you mean "==" because it is always a NamedCurve stored in CurveDB?
Thanks,
Max
> On Jul 3, 2019, at 10:48 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
>
> Hi
>
> Can anyone help review this fix? Some ECDSA certificates contain signature algorithm identifiers with non-null parameter bytes. Before RSASSA-PSS support, these parameter bytes are ignored; however, after RSASSA-PSS support, the parameter bytes are passed to the underlying signature impl and this breaks the ECDSA certificate verification. In order for the verification to succeed, the SunEC provider needs to accept non-null signature parameters and the SignatureUtil class needs to be able to parse the parameter bytes for ECDSA certificates.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8225745
> Webrev: http://cr.openjdk.java.net/~valeriep/8225745/webrev.00/
>
> Mach5 run is clean.
>
> Thanks,
> Valerie