From f14e3a60b26f0488da26abf3ae6c0521d5f616e5 Mon Sep 17 00:00:00 2001
From: Valerie Peng
Date: Thu, 31 Oct 2019 02:22:42 +0000
Subject: [PATCH] 8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures

Fixed to treat the queried key size values as bits instead of bytes
Reviewed-by: ascarpino, xuelei
---
 .../sun/security/pkcs11/P11PSSSignature.java | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
index cb9ab66e3d0..763fb98a8ea 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
@@ -338,9 +338,6 @@ final class P11PSSSignature extends SignatureSpi {
 int keySize = 0; // in bytes
 if (mechInfo != null) {
- // check against available native info
- int minKeySize = (int) mechInfo.ulMinKeySize;
- int maxKeySize = (int) mechInfo.ulMaxKeySize;
 if (key instanceof P11Key) {
 keySize = (((P11Key) key).length() + 7) >> 3;
 } else if (key instanceof RSAKey) {
@@ -348,13 +345,16 @@ final class P11PSSSignature extends SignatureSpi {
 } else {
 throw new InvalidKeyException("Unrecognized key type " + key);
 }
- if ((minKeySize != -1) && (keySize < minKeySize)) {
+ // check against available native info which are in bits
+ if ((mechInfo.iMinKeySize != 0) &&
+ (keySize < (mechInfo.iMinKeySize >> 3))) {
 throw new InvalidKeyException(KEY_ALGO +
- " key must be at least " + minKeySize + " bytes");
+ " key must be at least " + mechInfo.iMinKeySize + " bits");
 }
- if ((maxKeySize != -1) && (keySize > maxKeySize)) {
+ if ((mechInfo.iMaxKeySize != Integer.MAX_VALUE) &&
+ (keySize > (mechInfo.iMaxKeySize >> 3))) {
 throw new InvalidKeyException(KEY_ALGO +
- " key must be at most " + maxKeySize + " bytes");
+ " key must be at most " + mechInfo.iMaxKeySize + " bits");
 }
 }
 if (this.sigParams != null) {
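Review bot: Both bound checks compare a key size rounded up to whole bytes (`(length + 7) >> 3` in the preceding hunk) against token limits rounded down with `>> 3`, so a limit that is not a multiple of 8 is enforced inexactly: the minimum check can accept a key shorter than `iMinKeySize`, and the maximum check can reject a key that is within `iMaxKeySize`. Comparing in bits avoids the rounding mismatch, for example keeping the key's bit length in a local and testing `keyBits < mechInfo.iMinKeySize` and `keyBits > mechInfo.iMaxKeySize`, while `keySize` in bytes stays available for whatever follows. The `0` and `Integer.MAX_VALUE` sentinels presumably mean "no limit reported by the token", but that convention is defined outside this patch, so a short comment such as `// 0 / Integer.MAX_VALUE: token reported no usable bound` would save the next reader a lookup. The enclosing method starts and ends outside the hunk, and the RSAKey branch that sets `keySize` is not shown, so the bit-length local is a suggestion to confirm against the full method.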