[15] RFR JDK-8242897 KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException

Valerie Peng valerie.peng at oracle.com
Thu Apr 23 22:28:22 UTC 2020


Anyone has time to help review this fix? After the support for 
RSASSA-PSS keys is added, when parsing the DER encoding, the key 
algorithm is based on the parsed algorithm oid/name. However, an 
exception is thrown if the parsed algorithm oid/name is neither RSA nor 
RSASSA-PSS. For this particular report, the algorithm oid is 
1.3.14.3.2.15 which is unsupport/unrecognized by JDK. In earlier 
releases, the bytes are parsed but key algorithm is always "RSA".

To maintain this backward compatibility behavior, I changed the current 
impl to set the key algorithm upon key construction time w/ a KeyType 
argument (RSA or RSASSA-PSS) even when DER encoding is given. After 
parsing the DER encoding, for non-RSA keys, the parsed algorithm 
oid/name should match the given key type, otherwise an exception is thrown.

Bug: https://bugs.openjdk.java.net/browse/JDK-8242897

Webrev: http://cr.openjdk.java.net/~valeriep/8242897/webrev.00/

Mach5 run is clean.

Thanks,
Valerie


More information about the security-dev mailing list