Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8242556

Cannot load RSASSA-PSS public key with non-null params from byte array

    Details

    • Subcomponent:
    • Resolved In Build:
      b19
    • Verification:
      Verified

      Backports

        Description

        The following piece of code fails with an InvalidKeySpecException:

        -------------
                KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
                KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
                kpg.initialize(new RSAKeyGenParameterSpec(2048,
                        RSAKeyGenParameterSpec.F4,
                        new PSSParameterSpec(
                                "SHA-384", "MGF1",
                                new MGF1ParameterSpec("SHA-384"),
                                48, PSSParameterSpec.TRAILER_FIELD_BC)));
                kf.generatePublic(new X509EncodedKeySpec(
                        kpg.generateKeyPair().getPublic().getEncoded()));
        ---------------

        Caused by: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10
        at java.base/sun.security.rsa.RSAUtil$KeyType.lookup(RSAUtil.java:66)
        at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:142)
        at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:133)
        at java.base/sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:130)

        Cause
        =====

        This is because when the key is read, the parameters of the AlgorithmId is instantiated with the OID (in AlgorithmId::decodeParams, algParams = AlgorithmParameters.getInstance(algidString)), so its getAlgorithm() always returns the OID string, and cannot be recognized by RSAUtil::lookup.

        Suggested fix:
        ===========

        diff --git a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
        --- a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
        +++ b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
        @@ -63,6 +63,9 @@
                         }
                     }
                     // no match
        + if (name.equals(AlgorithmId.RSASSA_PSS_oid.toString())) {
        + return PSS;
        + }
                     throw new ProviderException("Unsupported algorithm " + name);
                 }
             }

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  valeriep Valerie Peng
                  Reporter:
                  weijun Weijun Wang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: