archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 06:45:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8268488: More valuable DerValues

Browse source 
Reviewed-by: weijun, ahgross, rhalade
This commit is contained in:
Valerie Peng 2021-07-23 18:04:54 +00:00 committed by Henry Jen
parent 29f61b3b0a
commit f18deeb69e
4 changed files with 32 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java
View file

@ -177,6 +177,10 @@ final class KeyProtector {
byte[] encodedParams = byte[] encodedParams =
encrInfo.getAlgorithm().getEncodedParams(); encrInfo.getAlgorithm().getEncodedParams();
if (encodedParams == null) {
throw new IOException("Missing PBE parameters");
}
// parse the PBE parameters into the corresponding spec // parse the PBE parameters into the corresponding spec
AlgorithmParameters pbeParams = AlgorithmParameters pbeParams =
AlgorithmParameters.getInstance("PBE"); AlgorithmParameters.getInstance("PBE");

13
src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
View file

@ -107,8 +107,12 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
if (!val.getOID().equals(OID_MGF1)) { if (!val.getOID().equals(OID_MGF1)) {
throw new IOException("Only MGF1 mgf is supported"); throw new IOException("Only MGF1 mgf is supported");
} }
byte[] encodedParams = val.getEncodedParams();
if (encodedParams == null) {
throw new IOException("Missing MGF1 parameters");
}
AlgorithmId params = AlgorithmId.parse( AlgorithmId params = AlgorithmId.parse(
new DerValue(val.getEncodedParams())); new DerValue(encodedParams));
mgfSpec = switch (params.getName()) { mgfSpec = switch (params.getName()) {
case "SHA-1" -> MGF1ParameterSpec.SHA1; case "SHA-1" -> MGF1ParameterSpec.SHA1;
case "SHA-224" -> MGF1ParameterSpec.SHA224; case "SHA-224" -> MGF1ParameterSpec.SHA224;
@ -129,7 +133,12 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
if (!val.getOID().equals(OID_PSpecified)) { if (!val.getOID().equals(OID_PSpecified)) {
throw new IOException("Wrong OID for pSpecified"); throw new IOException("Wrong OID for pSpecified");
} }
p = DerValue.wrap(val.getEncodedParams()).getOctetString(); byte[] encodedParams = val.getEncodedParams();
if (encodedParams == null) {
throw new IOException("Missing pSpecified label");
}
p = DerValue.wrap(encodedParams).getOctetString();
} else { } else {
p = new byte[0]; p = new byte[0];
} }

12
src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
View file

@ -383,8 +383,15 @@ public class SignerInfo implements DerEncoder {
if (digestAlgName.equals("SHAKE256") if (digestAlgName.equals("SHAKE256")
|| digestAlgName.equals("SHAKE256-LEN")) { || digestAlgName.equals("SHAKE256-LEN")) {
if (digestAlgName.equals("SHAKE256-LEN")) { if (digestAlgName.equals("SHAKE256-LEN")) {
int v = new DerValue(digestAlgorithmId // RFC8419: for EdDSA in CMS, the id-shake256-len
.getEncodedParams()).getInteger(); // algorithm id must contain parameter value 512
// encoded as a positive integer value
byte[] params = digestAlgorithmId.getEncodedParams();
if (params == null) {
throw new SignatureException(
"id-shake256-len oid missing length");
}
int v = new DerValue(params).getInteger();
if (v != 512) { if (v != 512) {
throw new SignatureException( throw new SignatureException(
"Unsupported id-shake256-" + v); "Unsupported id-shake256-" + v);
@ -527,6 +534,7 @@ public class SignerInfo implements DerEncoder {
if (spec == null) { if (spec == null) {
throw new NoSuchAlgorithmException("Missing PSSParameterSpec for RSASSA-PSS algorithm"); throw new NoSuchAlgorithmException("Missing PSSParameterSpec for RSASSA-PSS algorithm");
} }
if (!AlgorithmId.get(spec.getDigestAlgorithm()).equals(digAlgId)) { if (!AlgorithmId.get(spec.getDigestAlgorithm()).equals(digAlgId)) {
throw new NoSuchAlgorithmException("Incompatible digest algorithm"); throw new NoSuchAlgorithmException("Incompatible digest algorithm");
} }

9
src/java.base/share/classes/sun/security/rsa/PSSParameters.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -102,8 +102,13 @@ public final class PSSParameters extends AlgorithmParametersSpi {
if (!val.getOID().equals(AlgorithmId.MGF1_oid)) { if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
throw new IOException("Only MGF1 mgf is supported"); throw new IOException("Only MGF1 mgf is supported");
} }
byte[] encodedParams = val.getEncodedParams();
if (encodedParams == null) {
throw new IOException("Missing MGF1 parameters");
}
AlgorithmId params = AlgorithmId.parse( AlgorithmId params = AlgorithmId.parse(
new DerValue(val.getEncodedParams())); new DerValue(encodedParams));
String mgfDigestName = params.getName(); String mgfDigestName = params.getName();
switch (mgfDigestName) { switch (mgfDigestName) {
case "SHA-1": case "SHA-1":