Merge

2025-08-28 15:24:43 +02:00 · 2022-01-20 01:18:38 +00:00 · 2022-01-20 01:18:38 +00:00 · 4616c13c2f
commit 4616c13c2f
parent 98d96a7707 03680bea1c
67 changed files with 1126 additions and 799 deletions
--- a/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
+++ b/src/java.base/share/classes/sun/security/pkcs/ContentInfo.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -127,7 +127,9 @@ public class ContentInfo {

        if (oldStyle) {
            // JDK1.1.x-style encoding
-            content = typeAndContent[1];
+            if (typeAndContent.length > 1) { // content is OPTIONAL
+                content = typeAndContent[1];
+            }
        } else {
            // This is the correct, standards-compliant encoding.
            // Parse the content (OPTIONAL field).
--- a/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
+++ b/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
@ -383,8 +383,15 @@ public class SignerInfo implements DerEncoder {
                if (digestAlgName.equals("SHAKE256")
                        || digestAlgName.equals("SHAKE256-LEN")) {
                    if (digestAlgName.equals("SHAKE256-LEN")) {
-                        int v = new DerValue(digestAlgorithmId
-                                .getEncodedParams()).getInteger();
+                        // RFC8419: for EdDSA in CMS, the id-shake256-len
+                        // algorithm id must contain parameter value 512
+                        // encoded as a positive integer value
+                        byte[] params = digestAlgorithmId.getEncodedParams();
+                        if (params == null) {
+                            throw new SignatureException(
+                                    "id-shake256-len oid missing length");
+                        }
+                        int v = new DerValue(params).getInteger();
                        if (v != 512) {
                            throw new SignatureException(
                                    "Unsupported id-shake256-" + v);
@ -527,6 +534,7 @@ public class SignerInfo implements DerEncoder {
                if (spec == null) {
                    throw new NoSuchAlgorithmException("Missing PSSParameterSpec for RSASSA-PSS algorithm");
                }
+
                if (!AlgorithmId.get(spec.getDigestAlgorithm()).equals(digAlgId)) {
                    throw new NoSuchAlgorithmException("Incompatible digest algorithm");
                }
--- a/src/java.base/share/classes/sun/security/rsa/PSSParameters.java
+++ b/src/java.base/share/classes/sun/security/rsa/PSSParameters.java
@ -102,8 +102,13 @@ public final class PSSParameters extends AlgorithmParametersSpi {
                if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
                    throw new IOException("Only MGF1 mgf is supported");
                }
+
+                byte[] encodedParams = val.getEncodedParams();
+                if (encodedParams == null) {
+                    throw new IOException("Missing MGF1 parameters");
+                }
                AlgorithmId params = AlgorithmId.parse(
-                        new DerValue(val.getEncodedParams()));
+                        new DerValue(encodedParams));
                String mgfDigestName = params.getName();
                switch (mgfDigestName) {
                case "SHA-1":