Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
branchJDK-8145252-TLS13-branch
changeset 56738 0811eaea3cd4
parent 56710 f4c7a97a1275
child 56750 2b4ae319412b 
--- a/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java	Mon Jun 11 07:24:50 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java	Mon Jun 11 17:19:28 2018 -0700
@@ -70,31 +70,37 @@
                                     ProtocolVersion.PROTOCOLS_TO_13),
 
     // RSASSA-PSS algorithms with public key OID rsaEncryption
+    //
+    // The minimalKeySize is calculated as (See RFC 8017 for details):
+    //     hash length + salt length + 16
     RSA_PSS_RSAE_SHA256     (0x0804, "rsa_pss_rsae_sha256",
                                     "RSASSA-PSS", "RSA",
-                                    SigAlgParamSpec.RSA_PSS_SHA256, 512,
+                                    SigAlgParamSpec.RSA_PSS_SHA256, 528,
                                     ProtocolVersion.PROTOCOLS_OF_13),
     RSA_PSS_RSAE_SHA384     (0x0805, "rsa_pss_rsae_sha384",
                                     "RSASSA-PSS", "RSA",
-                                    SigAlgParamSpec.RSA_PSS_SHA384, 768,
+                                    SigAlgParamSpec.RSA_PSS_SHA384, 784,
                                     ProtocolVersion.PROTOCOLS_OF_13),
     RSA_PSS_RSAE_SHA512     (0x0806, "rsa_pss_rsae_sha512",
                                     "RSASSA-PSS", "RSA",
-                                    SigAlgParamSpec.RSA_PSS_SHA512, 768,
+                                    SigAlgParamSpec.RSA_PSS_SHA512, 1040,
                                     ProtocolVersion.PROTOCOLS_OF_13),
 
     // RSASSA-PSS algorithms with public key OID RSASSA-PSS
+    //
+    // The minimalKeySize is calculated as (See RFC 8017 for details):
+    //     hash length + salt length + 16
     RSA_PSS_PSS_SHA256      (0x0809, "rsa_pss_pss_sha256",
                                     "RSASSA-PSS", "RSASSA-PSS",
-                                    SigAlgParamSpec.RSA_PSS_SHA256, 512,
+                                    SigAlgParamSpec.RSA_PSS_SHA256, 528,
                                     ProtocolVersion.PROTOCOLS_OF_13),
     RSA_PSS_PSS_SHA384      (0x080A, "rsa_pss_pss_sha384",
                                     "RSASSA-PSS", "RSASSA-PSS",
-                                    SigAlgParamSpec.RSA_PSS_SHA384, 768,
+                                    SigAlgParamSpec.RSA_PSS_SHA384, 784,
                                     ProtocolVersion.PROTOCOLS_OF_13),
     RSA_PSS_PSS_SHA512      (0x080B, "rsa_pss_pss_sha512",
                                     "RSASSA-PSS", "RSASSA-PSS",
-                                    SigAlgParamSpec.RSA_PSS_SHA512, 768,
+                                    SigAlgParamSpec.RSA_PSS_SHA512, 1040,
                                     ProtocolVersion.PROTOCOLS_OF_13),
 
     // RSASSA-PKCS1-v1_5 algorithms
@@ -413,7 +419,8 @@
         String keyAlgorithm = signingKey.getAlgorithm();
         int keySize;
         // Only need to check RSA algorithm at present.
-        if (keyAlgorithm.equalsIgnoreCase("rsa")) {
+        if (keyAlgorithm.equalsIgnoreCase("RSA") ||
+                keyAlgorithm.equalsIgnoreCase("RSASSA-PSS")) {
             keySize = KeyUtil.getKeySize(signingKey);
         } else {
             keySize = Integer.MAX_VALUE;
jdk-sandbox