[15] RFR JDK-8242897 KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException
Valerie Peng
valerie.peng at oracle.com
Thu Apr 23 22:28:22 UTC 2020
Anyone has time to help review this fix? After the support for
RSASSA-PSS keys is added, when parsing the DER encoding, the key
algorithm is based on the parsed algorithm oid/name. However, an
exception is thrown if the parsed algorithm oid/name is neither RSA nor
RSASSA-PSS. For this particular report, the algorithm oid is
1.3.14.3.2.15 which is unsupport/unrecognized by JDK. In earlier
releases, the bytes are parsed but key algorithm is always "RSA".
To maintain this backward compatibility behavior, I changed the current
impl to set the key algorithm upon key construction time w/ a KeyType
argument (RSA or RSASSA-PSS) even when DER encoding is given. After
parsing the DER encoding, for non-RSA keys, the parsed algorithm
oid/name should match the given key type, otherwise an exception is thrown.
Bug: https://bugs.openjdk.java.net/browse/JDK-8242897
Webrev: http://cr.openjdk.java.net/~valeriep/8242897/webrev.00/
Mach5 run is clean.
Thanks,
Valerie
More information about the security-dev
mailing list