# HG changeset patch # User valeriep # Date 1572488562 0 # Node ID 6d081cef7ea890398977bb75e76bd90f40c19e07 # Parent fba8635290df658c354547008830f5a7fa5694b3 8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures. Summary: Fixed to treat the queried key size values as bits instead of bytes Reviewed-by: ascarpino, xuelei diff -r fba8635290df -r 6d081cef7ea8 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java Wed Oct 30 15:54:41 2019 -0400 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java Thu Oct 31 02:22:42 2019 +0000 @@ -338,9 +338,6 @@ int keySize = 0; // in bytes if (mechInfo != null) { - // check against available native info - int minKeySize = (int) mechInfo.ulMinKeySize; - int maxKeySize = (int) mechInfo.ulMaxKeySize; if (key instanceof P11Key) { keySize = (((P11Key) key).length() + 7) >> 3; } else if (key instanceof RSAKey) { @@ -348,13 +345,16 @@ } else { throw new InvalidKeyException("Unrecognized key type " + key); } - if ((minKeySize != -1) && (keySize < minKeySize)) { + // check against available native info which are in bits + if ((mechInfo.iMinKeySize != 0) && + (keySize < (mechInfo.iMinKeySize >> 3))) { throw new InvalidKeyException(KEY_ALGO + - " key must be at least " + minKeySize + " bytes"); + " key must be at least " + mechInfo.iMinKeySize + " bits"); } - if ((maxKeySize != -1) && (keySize > maxKeySize)) { + if ((mechInfo.iMaxKeySize != Integer.MAX_VALUE) && + (keySize > (mechInfo.iMaxKeySize >> 3))) { throw new InvalidKeyException(KEY_ALGO + - " key must be at most " + maxKeySize + " bytes"); + " key must be at most " + mechInfo.iMaxKeySize + " bits"); } } if (this.sigParams != null) {