8242811: AlgorithmId::getDefaultAlgorithmParameterSpec returns incompatible PSSParameterSpec for an RSASSA-PSS key

Reviewed-by: valeriep, hchao
2020-04-18 11:13:14 +08:00 · 2020-04-18 11:13:14 +08:00 · 05d6a66330
commit 05d6a66330
parent f6f97ea24b
2 changed files with 64 additions and 1 deletions
--- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
+++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
@ -26,6 +26,7 @@
 package sun.security.x509;

 import java.io.*;
+import java.security.interfaces.RSAKey;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.MGF1ParameterSpec;
@ -1105,9 +1106,15 @@ public class AlgorithmId implements Serializable, DerEncoder {
        }
    }

-    public static PSSParameterSpec getDefaultAlgorithmParameterSpec(
+    public static AlgorithmParameterSpec getDefaultAlgorithmParameterSpec(
            String sigAlg, PrivateKey k) {
        if (sigAlg.equalsIgnoreCase("RSASSA-PSS")) {
+            if (k instanceof RSAKey) {
+                AlgorithmParameterSpec spec = ((RSAKey) k).getParams();
+                if (spec instanceof PSSParameterSpec) {
+                    return spec;
+                }
+            }
            switch (ifcFfcStrength(KeyUtil.getKeySize(k))) {
                case "SHA256":
                    return PSSParamsHolder.PSS_256_SPEC;
--- a/test/jdk/sun/security/rsa/pss/DefaultParamSpec.java
+++ b/test/jdk/sun/security/rsa/pss/DefaultParamSpec.java
@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import sun.security.x509.X500Name;
+import sun.security.x509.X509CRLImpl;
+
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+import java.security.spec.RSAKeyGenParameterSpec;
+import java.util.Date;
+
+/**
+ * @test
+ * @bug 8242811
+ * @modules java.base/sun.security.x509
+ * @summary AlgorithmId::getDefaultAlgorithmParameterSpec returns incompatible
+ *          PSSParameterSpec for an RSASSA-PSS key
+ */
+public class DefaultParamSpec {
+    public static void main(String[] args) throws Exception {
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
+        KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
+        kpg.initialize(new RSAKeyGenParameterSpec(2048,
+                RSAKeyGenParameterSpec.F4,
+                new PSSParameterSpec(
+                        "SHA-384", "MGF1",
+                        new MGF1ParameterSpec("SHA-384"),
+                        48, PSSParameterSpec.TRAILER_FIELD_BC)));
+
+        X509CRLImpl crl = new X509CRLImpl(
+                new X500Name("CN=Issuer"), new Date(), new Date());
+        crl.sign(kpg.generateKeyPair().getPrivate(), "RSASSA-PSS");
+    }
+}