RFR[13] JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support

Valerie Peng valerie.peng at oracle.com
Tue Jul 9 00:09:43 UTC 2019


Here is the updated webrev w/ ECUtil.equals() utility method:

http://cr.openjdk.java.net/~valeriep/8225745/webrev.01/

Regards,
Valerie
On 7/8/2019 12:12 PM, Valerie Peng wrote:
> Right, based on the current impl, a simple "==" seems to work as it's 
> the same NamedCurve instance inside CurveDB. Well, I could also do a 
> bit of code refactoring and add an equals utility method to ECUtil so 
> this may work better with 3rd party provider's impl.
>
> Thanks,
> Valerie
> On 7/2/2019 8:27 PM, Weijun Wang wrote:
>>   368     private static boolean isCompatible(ECParameterSpec sigParams,
>>   369             ECParameterSpec keyParams) {
>>   370         if (sigParams == null) {
>>   371             // no restriction on key param
>>   372             return true;
>>   373         }
>>   374         return sigParams.equals(keyParams);
>>   375     }
>>
>> What does "sigParams.equals(keyParams)" mean here? What is the 
>> getClass() of those 2 ECParameterSpec objects?
>>
>> Or maybe you mean "==" because it is always a NamedCurve stored in 
>> CurveDB?
>>
>> Thanks,
>> Max
>>
>>> On Jul 3, 2019, at 10:48 AM, Valerie Peng <valerie.peng at oracle.com> 
>>> wrote:
>>>
>>> Hi
>>>
>>> Any one can help reviewing this fix? Some ECDSA certificates 
>>> contains signature algorithm identifiers with non-null parameter 
>>> bytes. Before RSASSA-PSS support, these parameter bytes are ignored, 
>>> however, after RSASSA-PSS support, the parameter bytes are passed to 
>>> the underlying signature impl and this breaks the ECDSA certificate 
>>> verification. In order for the verification to succeeds, the 
>>> SignatureUtil class needs to be able to parse the parameter bytes 
>>> for ECDSA certificate and that SunEC provider needs to accept 
>>> non-null signature parameters.
>>>
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8225745
>>> Webrev: http://cr.openjdk.java.net/~valeriep/8225745/webrev.00/
>>>
>>> Mach5 run is clean.
>>>
>>> Thanks,
>>> Valerie


More information about the security-dev mailing list