8183107: PKCS11 regression regarding checkKeySize
Summary: Changed key size check in PKCS11 provider to only enforce positive return values
Reviewed-by: jnimeh
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java Tue Feb 26 10:52:31 2019 +0800
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java Wed Feb 27 19:37:51 2019 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -119,11 +119,13 @@
// RC4 which is in bits. However, some PKCS#11 impls still use
// bytes for all mechs, e.g. NSS. We try to detect this
// inconsistency if the minKeySize seems unreasonably small.
- int minKeySize = (int)info.ulMinKeySize;
- int maxKeySize = (int)info.ulMaxKeySize;
+ int minKeySize = info.iMinKeySize;
+ int maxKeySize = info.iMaxKeySize;
if (keyGenMech != CKM_RC4_KEY_GEN || minKeySize < 8) {
- minKeySize = (int)info.ulMinKeySize << 3;
- maxKeySize = (int)info.ulMaxKeySize << 3;
+ minKeySize = Math.multiplyExact(minKeySize, 8);
+ if (maxKeySize != Integer.MAX_VALUE) {
+ maxKeySize = Math.multiplyExact(maxKeySize, 8);
+ }
}
// Explicitly disallow keys shorter than 40-bits for security
if (minKeySize < 40) minKeySize = 40;
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Tue Feb 26 10:52:31 2019 +0800
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Wed Feb 27 19:37:51 2019 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -73,7 +73,7 @@
private BigInteger rsaPublicExponent = RSAKeyGenParameterSpec.F4;
// the supported keysize range of the native PKCS11 library
- // if the value cannot be retrieved or unspecified, -1 is used.
+ // if mechanism info is unavailable, 0/Integer.MAX_VALUE is used
private final int minKeySize;
private final int maxKeySize;
@@ -83,13 +83,13 @@
P11KeyPairGenerator(Token token, String algorithm, long mechanism)
throws PKCS11Exception {
super();
- int minKeyLen = -1;
- int maxKeyLen = -1;
+ int minKeyLen = 0;
+ int maxKeyLen = Integer.MAX_VALUE;
try {
CK_MECHANISM_INFO mechInfo = token.getMechanismInfo(mechanism);
if (mechInfo != null) {
- minKeyLen = (int) mechInfo.ulMinKeySize;
- maxKeyLen = (int) mechInfo.ulMaxKeySize;
+ minKeyLen = mechInfo.iMinKeySize;
+ maxKeyLen = mechInfo.iMaxKeySize;
}
} catch (PKCS11Exception p11e) {
// Should never happen
@@ -101,10 +101,10 @@
// override upper limit to deter DOS attack
if (algorithm.equals("EC")) {
keySize = DEF_EC_KEY_SIZE;
- if ((minKeyLen == -1) || (minKeyLen < 112)) {
+ if (minKeyLen < 112) {
minKeyLen = 112;
}
- if ((maxKeyLen == -1) || (maxKeyLen > 2048)) {
+ if (maxKeyLen > 2048) {
maxKeyLen = 2048;
}
} else {
@@ -112,24 +112,22 @@
keySize = DEF_DSA_KEY_SIZE;
} else if (algorithm.equals("RSA")) {
keySize = DEF_RSA_KEY_SIZE;
+ if (maxKeyLen > 64 * 1024) {
+ maxKeyLen = 64 * 1024;
+ }
} else {
keySize = DEF_DH_KEY_SIZE;
}
- if ((minKeyLen == -1) || (minKeyLen < 512)) {
+ if (minKeyLen < 512) {
minKeyLen = 512;
}
- if (algorithm.equals("RSA")) {
- if ((maxKeyLen == -1) || (maxKeyLen > 64 * 1024)) {
- maxKeyLen = 64 * 1024;
- }
- }
}
// auto-adjust default keysize in case it's out-of-range
- if ((minKeyLen != -1) && (keySize < minKeyLen)) {
+ if (keySize < minKeyLen) {
keySize = minKeyLen;
}
- if ((maxKeyLen != -1) && (keySize > maxKeyLen)) {
+ if (keySize > maxKeyLen) {
keySize = maxKeyLen;
}
this.token = token;
@@ -233,13 +231,17 @@
private void checkKeySize(int keySize, AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
+ if (keySize <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("key size must be positive, got " + keySize);
+ }
// check native range first
- if ((minKeySize != -1) && (keySize < minKeySize)) {
+ if (keySize < minKeySize) {
throw new InvalidAlgorithmParameterException(algorithm +
" key must be at least " + minKeySize + " bits. " +
"The specific key size " + keySize + " is not supported");
}
- if ((maxKeySize != -1) && (keySize > maxKeySize)) {
+ if (keySize > maxKeySize) {
throw new InvalidAlgorithmParameterException(algorithm +
" key must be at most " + maxKeySize + " bits. " +
"The specific key size " + keySize + " is not supported");
@@ -272,12 +274,8 @@
((RSAKeyGenParameterSpec)params).getPublicExponent();
}
try {
- // Reuse the checking in SunRsaSign provider.
- // If maxKeySize is -1, then replace it with
- // Integer.MAX_VALUE to indicate no limit.
RSAKeyFactory.checkKeyLengths(keySize, tmpExponent,
- minKeySize,
- (maxKeySize==-1? Integer.MAX_VALUE:maxKeySize));
+ minKeySize, maxKeySize);
} catch (InvalidKeyException e) {
throw new InvalidAlgorithmParameterException(e);
}
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java Tue Feb 26 10:52:31 2019 +0800
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java Wed Feb 27 19:37:51 2019 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -394,8 +394,9 @@
// skip the check if no native info available
return;
}
- int minKeySize = (int) mechInfo.ulMinKeySize;
- int maxKeySize = (int) mechInfo.ulMaxKeySize;
+ int minKeySize = mechInfo.iMinKeySize;
+ int maxKeySize = mechInfo.iMaxKeySize;
+
// need to override the MAX keysize for SHA1withDSA
if (md != null && mechanism == CKM_DSA && maxKeySize > 1024) {
maxKeySize = 1024;
@@ -419,11 +420,11 @@
" key must be the right type", cce);
}
}
- if ((minKeySize != -1) && (keySize < minKeySize)) {
+ if (keySize < minKeySize) {
throw new InvalidKeyException(keyAlgo +
" key must be at least " + minKeySize + " bits");
}
- if ((maxKeySize != -1) && (keySize > maxKeySize)) {
+ if (keySize > maxKeySize) {
throw new InvalidKeyException(keyAlgo +
" key must be at most " + maxKeySize + " bits");
}
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM_INFO.java Tue Feb 26 10:52:31 2019 +0800
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM_INFO.java Wed Feb 27 19:37:51 2019 +0000
@@ -1,3 +1,27 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
@@ -47,7 +71,7 @@
package sun.security.pkcs11.wrapper;
-
+import java.security.ProviderException;
/**
* class CK_MECHANISM_INFO provides information about a particular mechanism.
@@ -74,6 +98,10 @@
*/
public long ulMinKeySize;
+ // the integer version of ulMinKeySize for doing the actual range
+ // check in SunPKCS11 provider, defaults to 0
+ public final int iMinKeySize;
+
/**
* <B>PKCS#11:</B>
* <PRE>
@@ -82,6 +110,10 @@
*/
public long ulMaxKeySize;
+ // the integer version of ulMaxKeySize for doing the actual range
+ // check in SunPKCS11 provider, defaults to Integer.MAX_VALUE
+ public final int iMaxKeySize;
+
/**
* <B>PKCS#11:</B>
* <PRE>
@@ -94,6 +126,10 @@
long flags) {
this.ulMinKeySize = minKeySize;
this.ulMaxKeySize = maxKeySize;
+ this.iMinKeySize = ((minKeySize < Integer.MAX_VALUE && minKeySize > 0)?
+ (int)minKeySize : 0);
+ this.iMaxKeySize = ((maxKeySize < Integer.MAX_VALUE && maxKeySize > 0)?
+ (int)maxKeySize : Integer.MAX_VALUE);
this.flags = flags;
}