RFR: 8285404: RSA signature verification should follow RFC 8017 8.2.2 Step 4
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Sat Apr 23 15:50:22 UTC 2022
On Fri, 22 Apr 2022 17:10:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Compare encoded instead of decoded digest in RSA signature verification.
src/java.base/share/classes/sun/security/rsa/RSASignature.java line 220:
> 218: byte[] encoded = RSAUtil.encodeSignature(digestOID, digest);
> 219: byte[] decrypted = RSACore.rsa(sigBytes, publicKey);
> 220: byte[] unpadded = padding.unpad(decrypted);
It looks safer to me if the decodeSignature() method is removed and the same method gets used for the verification.
Maybe, these two lines could be moved ahead (at line 215) so that the processing order is consistent with the RFC 8017 described order, for readability.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8365