8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures.
Summary: Fixed to treat the queried key size values as bits instead of bytes
Reviewed-by: ascarpino, xuelei
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java Wed Oct 30 15:54:41 2019 -0400
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java Thu Oct 31 02:22:42 2019 +0000
@@ -338,9 +338,6 @@
int keySize = 0; // in bytes
if (mechInfo != null) {
- // check against available native info
- int minKeySize = (int) mechInfo.ulMinKeySize;
- int maxKeySize = (int) mechInfo.ulMaxKeySize;
if (key instanceof P11Key) {
keySize = (((P11Key) key).length() + 7) >> 3;
} else if (key instanceof RSAKey) {
@@ -348,13 +345,16 @@
} else {
throw new InvalidKeyException("Unrecognized key type " + key);
}
- if ((minKeySize != -1) && (keySize < minKeySize)) {
+ // check against available native info which are in bits
+ if ((mechInfo.iMinKeySize != 0) &&
+ (keySize < (mechInfo.iMinKeySize >> 3))) {
throw new InvalidKeyException(KEY_ALGO +
- " key must be at least " + minKeySize + " bytes");
+ " key must be at least " + mechInfo.iMinKeySize + " bits");
}
- if ((maxKeySize != -1) && (keySize > maxKeySize)) {
+ if ((mechInfo.iMaxKeySize != Integer.MAX_VALUE) &&
+ (keySize > (mechInfo.iMaxKeySize >> 3))) {
throw new InvalidKeyException(KEY_ALGO +
- " key must be at most " + maxKeySize + " bytes");
+ " key must be at most " + mechInfo.iMaxKeySize + " bits");
}
}
if (this.sigParams != null) {
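Review bot: The two new bounds checks, `keySize < (mechInfo.iMinKeySize >> 3)` and `keySize > (mechInfo.iMaxKeySize >> 3)`, round in opposite directions. `keySize` is the key length rounded up to whole bytes (`(length() + 7) >> 3` in the P11Key branch), while the token's bit limits are rounded down. A key whose bit length is not a multiple of 8 can therefore pass the minimum check while a few bits under `iMinKeySize`, and a limit that is not a multiple of 8 can reject a key that is within `iMaxKeySize`. Comparing in bits would be exact: keep the bit length in a local and test `keyBits < mechInfo.iMinKeySize` and `keyBits > mechInfo.iMaxKeySize`. The RSAKey branch that computes the size lies between the two hunks and the enclosing method starts and ends outside them, so that branch would need the same bit-length local; a short comment saying that 0 and `Integer.MAX_VALUE` appear to mean "no limit reported" would also help, since their definition is not in this diff.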