stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures

Browse Source 
Fixed to treat the queried key size values as bits instead of bytes

Reviewed-by: ascarpino, xuelei
This commit is contained in:
Valerie Peng 2019-10-31 02:22:42 +00:00
parent 3cc7b5babe
commit f14e3a60b2
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
View File

@ -338,9 +338,6 @@ final class P11PSSSignature extends SignatureSpi {
int keySize = 0; // in bytes
if (mechInfo != null) {
// check against available native info
int minKeySize = (int) mechInfo.ulMinKeySize;
int maxKeySize = (int) mechInfo.ulMaxKeySize;
if (key instanceof P11Key) {
keySize = (((P11Key) key).length() + 7) >> 3;
} else if (key instanceof RSAKey) {
@ -348,13 +345,16 @@ final class P11PSSSignature extends SignatureSpi {
} else {
throw new InvalidKeyException("Unrecognized key type " + key);
}
if ((minKeySize != -1) && (keySize < minKeySize)) {
// check against available native info which are in bits
if ((mechInfo.iMinKeySize != 0) &&
(keySize < (mechInfo.iMinKeySize >> 3))) {
throw new InvalidKeyException(KEY_ALGO +
" key must be at least " + minKeySize + " bytes");
" key must be at least " + mechInfo.iMinKeySize + " bits");
}
if ((maxKeySize != -1) && (keySize > maxKeySize)) {
if ((mechInfo.iMaxKeySize != Integer.MAX_VALUE) &&
(keySize > (mechInfo.iMaxKeySize >> 3))) {
throw new InvalidKeyException(KEY_ALGO +
" key must be at most " + maxKeySize + " bytes");
" key must be at most " + mechInfo.iMaxKeySize + " bits");
}
}
if (this.sigParams != null) {