stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8268500: Better specified ParameterSpecs

Browse Source 
Reviewed-by: weijun, ahgross, rhalade
This commit is contained in:
Hai-May Chao 2021-07-07 00:49:23 +00:00 committed by Henry Jen
parent 790dcc667d
commit 20e1a273c2
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -515,6 +515,14 @@ public class SignerInfo implements DerEncoder {
case "RSASSA-PSS":
PSSParameterSpec spec = (PSSParameterSpec)
SignatureUtil.getParamSpec(encAlg, encAlgId.getParameters());
/*
* RFC 4056 section 3 for Signed-data:
* signatureAlgorithm MUST contain id-RSASSA-PSS. The algorithm
* parameters field MUST contain RSASSA-PSS-params.
*/
if (spec == null) {
throw new NoSuchAlgorithmException("Missing PSSParameterSpec for RSASSA-PSS algorithm");
}
if (!AlgorithmId.get(spec.getDigestAlgorithm()).equals(digAlgId)) {
throw new NoSuchAlgorithmException("Incompatible digest algorithm");
}