[15] RFR JDK-8242897 KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException

Valerie Peng valerie.peng at oracle.com
Thu May 7 23:17:49 UTC 2020


Ping?

On 4/23/2020 3:28 PM, Valerie Peng wrote:
> Anyone has time to help review this fix? After the support for 
> RSASSA-PSS keys is added, when parsing the DER encoding, the key 
> algorithm is based on the parsed algorithm oid/name. However, an 
> exception is thrown if the parsed algorithm oid/name is neither RSA 
> nor RSASSA-PSS. For this particular report, the algorithm oid is 
> 1.3.14.3.2.15 which is unsupport/unrecognized by JDK. In earlier 
> releases, the bytes are parsed but key algorithm is always "RSA".
>
> To maintain this backward compatibility behavior, I changed the 
> current impl to set the key algorithm upon key construction time w/ a 
> KeyType argument (RSA or RSASSA-PSS) even when DER encoding is given. 
> After parsing the DER encoding, for non-RSA keys, the parsed algorithm 
> oid/name should match the given key type, otherwise an exception is 
> thrown.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8242897
>
> Webrev: http://cr.openjdk.java.net/~valeriep/8242897/webrev.00/
>
> Mach5 run is clean.
>
> Thanks,
> Valerie



More information about the security-dev mailing list