8216012: Infinite loop in RSA KeyPairGenerator

Check and error out on even RSA public exponents Reviewed-by: valeriep
2025-08-28 15:24:43 +02:00 · 2020-01-17 01:05:27 +00:00 · 2020-01-17 01:05:27 +00:00 · 567465c62c
commit 567465c62c
parent 0b2da9e239
2 changed files with 99 additions and 1 deletions
--- a/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -96,6 +96,10 @@ public abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
                throw new InvalidAlgorithmParameterException
                        ("Public exponent must be 3 or larger");
            }
+            if (!tmpPublicExponent.testBit(0)) {
+                throw new InvalidAlgorithmParameterException
+                        ("Public exponent must be an odd number");
+            }
            if (tmpPublicExponent.bitLength() > tmpKeySize) {
                throw new InvalidAlgorithmParameterException
                        ("Public exponent must be smaller than key size");