Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8206171

Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 11
    • Fix Version/s: 11
    • Component/s: security-libs
    • Labels:

      Backports

        Description

        When I call this method "Signature.getInstance("RSASSA-PSS").getParameters()" without initializing the Signature parameters, I get the following exception,
         
        Exception java.security.ProviderException: Missing required PSS parameters
               at RSAPSSSignature.engineGetParameters (RSAPSSSignature.java:608)
               at Signature$Delegate.engineGetParameters (Signature.java:1275)
        ======================================================
        Signature#getParamters() specification says:
        "The returned parameters may contain a combination of default and randomly generated parameter values used by the underlying signature implementation if this signature requires algorithm parameters but was not initialized with any."
        Specification does not state any possible exceptions being thrown.
        ======================================================
        Also, when I check with other algorithms like “RSA”, “DSA” , this issue is not there.
        For e.g.
        jshell> Signature.getInstance("SHA256withDSA").getParameters()
        $58 ==> null

        jshell> Signature.getInstance("SHA256withRSA").getParameters()
        $59 ==> null
        =====================================================
        This bug is filed for clarification of specification (see comment)
        Please clarify the specification to include a possible exception being thrown (ProviderException for RSASSA-PSS) or other possible exceptions for future Signature algorithms that require mandatory parameters by the user before any operations could be performed, and user did not set any parameters before using the Signature operations (sign, update, verify).
        Or
        null could be returned (as per specification)
         
         

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  valeriep Valerie Peng
                  Reporter:
                  bnallakaluva Bharath Nallakaluva (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: