[15] RFR 8238448: RSASSA-PSS signature verification fail when using certain odd key sizes

Valerie Peng valerie.peng at oracle.com
Fri Feb 7 03:02:21 UTC 2020


Can anyone help review this?

There is a bug in RSASSA-PSS signature verification when the key size is 
a multiple of 8 plus 1 bit. The verification on the encoded message is 
off by one and verification fails unexpectedly. I added a check and 
adjusted the starting index for the verification. I added 1025 and 2049 
to the existing PSS tests to verify this fix.

Bug: https://bugs.openjdk.java.net/browse/JDK-8238448

Webrev: http://cr.openjdk.java.net/~valeriep/8238448/webrev.00/

Mach5 run is clean.

Thanks,
Valerie
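
Added example, not part of the original message and not the JDK patch: a Python model of the RFC 8017 EMSA-PSS length arithmetic (emBits = modBits - 1), showing why a modulus of 8k+1 bits leaves one extra leading zero byte that the verifier must check and skip. SHA-256 for the hash and MGF1, all function names, and the `rsa_block` stand-in for the RSA public operation's output are assumptions made for the illustration.

```python
import hashlib

H_LEN = 32  # SHA-256, assumed here for both the hash and MGF1

def sha(b): return hashlib.sha256(b).digest()
def mgf1(seed, n):
    return b"".join(sha(seed + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(msg, em_bits, salt):
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1); returns ceil(em_bits/8) bytes."""
    em_len = (em_bits + 7) // 8
    h = sha(b"\x00" * 8 + sha(msg) + salt)
    db = b"\x00" * (em_len - len(salt) - H_LEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked) + h + b"\xbc"

def pss_verify(msg, em, em_bits, s_len):
    """EMSA-PSS-VERIFY (RFC 8017, 9.1.2) over exactly em_len bytes."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + s_len + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    top = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top & 0xFF:          # bits above em_bits must be zero
        return False
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= top
    ps_len = em_len - H_LEN - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 1:
        return False
    return sha(b"\x00" * 8 + sha(msg) + bytes(db[ps_len + 1:])) == h

def rsa_block(em, mod_bits):
    # Constructed stand-in for the RSA public operation: modulus-length bytes.
    return int.from_bytes(em, "big").to_bytes((mod_bits + 7) // 8, "big")

def verify_block(msg, block, mod_bits, s_len, align=True):
    em_len = (mod_bits - 1 + 7) // 8
    if align and len(block) == em_len + 1:   # modBits = 8k+1: one extra byte
        if block[0] != 0:                    # the extra byte must be zero
            return False
        block = block[1:]                    # start verification one byte in
    return pss_verify(msg, block, mod_bits - 1, s_len)

def demo(mod_bits, align):
    em = pss_encode(b"constructed message", mod_bits - 1, bytes(range(32)))  # constructed salt
    return verify_block(b"constructed message", rsa_block(em, mod_bits), mod_bits, 32, align)
```

`demo(1025, False)` returns `False` for a valid encoding, while `demo(1025, True)` and `demo(1024, False)` return `True`.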
