[15] RFR JDK-8242897 KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException
Valerie Peng
valerie.peng at oracle.com
Thu May 7 23:17:49 UTC 2020
Ping?
On 4/23/2020 3:28 PM, Valerie Peng wrote:
> Does anyone have time to help review this fix? After the support for
> RSASSA-PSS keys is added, when parsing the DER encoding, the key
> algorithm is based on the parsed algorithm oid/name. However, an
> exception is thrown if the parsed algorithm oid/name is neither RSA
> nor RSASSA-PSS. For this particular report, the algorithm oid is
> 1.3.14.3.2.15 which is unsupported/unrecognized by JDK. In earlier
> releases, the bytes are parsed but key algorithm is always "RSA".
>
> To maintain this backward compatibility behavior, I changed the
> current impl to set the key algorithm upon key construction time w/ a
> KeyType argument (RSA or RSASSA-PSS) even when DER encoding is given.
> After parsing the DER encoding, for non-RSA keys, the parsed algorithm
> oid/name should match the given key type, otherwise an exception is
> thrown.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8242897
>
> Webrev: http://cr.openjdk.java.net/~valeriep/8242897/webrev.00/
>
> Mach5 run is clean.
>
> Thanks,
> Valerie
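
An added diagnostic example, not code from the webrev or from the JDK: it reads the AlgorithmIdentifier OID out of an X.509 SubjectPublicKeyInfo encoding, so you can see whether a key that triggers this InvalidKeyException carries the RSA OID, the RSASSA-PSS OID, or something else such as 1.3.14.3.2.15. The class and method names are hypothetical, and the second input is a constructed skeleton rather than a real key.

```java
import java.security.KeyPairGenerator;

public class SpkiAlgorithmOid {
    // Read a DER length at buf[pos[0]] and advance pos[0] past it.
    static int readLength(byte[] buf, int[] pos) {
        int b = buf[pos[0]++] & 0xff;
        if (b < 0x80) return b;                      // short form
        int n = b & 0x7f, len = 0;                   // long form: n length octets follow
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported DER length");
        while (n-- > 0) len = (len << 8) | (buf[pos[0]++] & 0xff);
        return len;
    }
    static void expectTag(byte[] buf, int[] pos, int tag) {
        if ((buf[pos[0]++] & 0xff) != tag) throw new IllegalArgumentException("unexpected DER tag");
    }
    // SubjectPublicKeyInfo ::= SEQUENCE { SEQUENCE { OID, parameters }, BIT STRING }
    static String algorithmOid(byte[] spki) {
        int[] pos = {0};
        expectTag(spki, pos, 0x30); readLength(spki, pos);   // outer SEQUENCE
        expectTag(spki, pos, 0x30); readLength(spki, pos);   // AlgorithmIdentifier
        expectTag(spki, pos, 0x06);                          // OBJECT IDENTIFIER
        int len = readLength(spki, pos);
        StringBuilder oid = new StringBuilder();
        long arc = 0;
        for (int i = pos[0], end = pos[0] + len; i < end; i++) {
            arc = (arc << 7) | (spki[i] & 0x7f);             // base-128, high bit means "continue"
            if ((spki[i] & 0x80) != 0) continue;
            if (oid.length() == 0) {                         // first octet group packs two arcs
                long first = Math.min(arc / 40, 2);
                oid.append(first).append('.').append(arc - 40 * first);
            } else {
                oid.append('.').append(arc);
            }
            arc = 0;
        }
        return oid.toString();
    }
    static String classify(String oid) {
        return oid.equals("1.2.840.113549.1.1.1") ? "RSA"
             : oid.equals("1.2.840.113549.1.1.10") ? "RSASSA-PSS" : "neither RSA nor RSASSA-PSS";
    }
    public static void main(String[] args) throws Exception {
        byte[] jdkKey = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic().getEncoded();
        // Constructed SPKI skeleton (empty BIT STRING, not a usable key) carrying the OID from the report.
        byte[] odd = {0x30, 0x0E, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x0F, 0x05, 0x00, 0x03, 0x01, 0x00};
        for (byte[] der : new byte[][] {jdkKey, odd}) {
            System.out.println(algorithmOid(der) + " -> " + classify(algorithmOid(der)));
        }
    }
}
```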