JDK-6695485 : SignedObject constructor throws ProviderException if it's called using provider "SunPKCS11-Solaris"
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 6,6u16
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,solaris_10
  • CPU: generic,sparc
  • Submitted: 2008-04-29
  • Updated: 2012-03-22
  • Resolved: 2010-04-14
JDK 6        JDK 7         Other
6u18 Fixed   7 b89 Fixed   OpenJDK6 Fixed
Description
The constructor SignedObject(Serializable,PrivateKey,Signature) throws ProviderException when the PrivateKey and Signature parameters are created using provider "SunPKCS11-Solaris".

Please see the minitest and its output:
-----------------------------------------------------------
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;

public class SignatureMinitest {
  public static void main(String[] args) throws Exception {
    String provider = "SunPKCS11-Solaris";
    Signature sig = Signature.getInstance("SHA384withRSA", provider);
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", provider);
    kpg.initialize(512);
    KeyPair kp = kpg.generateKeyPair();
    PrivateKey privKey = kp.getPrivate();
    PublicKey pubKey = kp.getPublic();

    sig.initSign(privKey);
    new SignedObject("Test string for getSignature test.", privKey, sig);
  }
}

Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
        at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:483)
        at java.security.Signature$Delegate.engineSign(Signature.java:1128)
        at java.security.Signature.sign(Signature.java:522)
        at java.security.SignedObject.sign(SignedObject.java:227)
        at java.security.SignedObject.<init>(SignedObject.java:144)
        at SignatureMinitest.main(SignatureMinitest.java:20)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
        at sun.security.pkcs11.wrapper.PKCS11.C_Sign(Native Method)
        at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:474)
        ... 5 more
-----------------------------------------------------------



Possibly the root cause is the key length, because the same code with provider "SunRsaSign" produces InvalidKeyException:

Exception in thread "main" java.security.InvalidKeyException: Key is too short for this signature algorithm
        at sun.security.rsa.RSASignature.initCommon(RSASignature.java:111)
        at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:93)
        at sun.security.rsa.RSASignature.engineInitSign(RSASignature.java:84)
        at java.security.Signature$Delegate.engineInitSign(Signature.java:1095)
        at java.security.Signature.initSign(Signature.java:480)
        at SignatureMinitest.main(SignatureMinitest.java:19)

Comments
EVALUATION It seems that this particular RSA key length check isn't implemented by the underlying crypto library such as NSS. Thus, the SunPKCS11 provider would have to check explicitly and not rely on the native crypto library for RSA signature algorithms.
01-04-2009
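
The explicit check the evaluation calls for, as an added example (not the JDK's actual fix and not code from this report): for PKCS#1 v1.5 signatures the DER-encoded DigestInfo plus 11 bytes of padding must fit in the modulus, so SHA384withRSA needs at least 78 bytes (624 bits) and the 512-bit key from the minitest is too short. The class and method names are hypothetical, and the key is generated with the default software provider rather than SunPKCS11-Solaris.

```java
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAKey;

// Added illustration; class and method names are hypothetical, not JDK code.
public class RsaSigKeyLengthCheck {
    // EMSA-PKCS1-v1_5 (RFC 8017, 9.2) needs 0x00 0x01, at least eight 0xFF bytes, 0x00.
    private static final int MIN_PADDING = 11;

    // Size in bytes of the DER-encoded DigestInfo: fixed ASN.1 prefix + hash output.
    static int digestInfoLength(String digest) {
        switch (digest) {
            case "SHA1":   return 15 + 20;
            case "SHA256": return 19 + 32;
            case "SHA384": return 19 + 48;
            case "SHA512": return 19 + 64;
            default: throw new IllegalArgumentException("Unsupported digest: " + digest);
        }
    }

    // Reject the key at init time instead of letting the token fail later in C_Sign.
    static void checkKeyLength(String digest, PrivateKey key) throws InvalidKeyException {
        if (!(key instanceof RSAKey)) {
            // Assumption: the key exposes its modulus; an opaque token key would
            // need its modulus length read from the token attributes instead.
            throw new InvalidKeyException("Cannot determine RSA modulus length");
        }
        int keyBytes = (((RSAKey) key).getModulus().bitLength() + 7) / 8;
        int needed = digestInfoLength(digest) + MIN_PADDING;
        if (needed > keyBytes) {
            throw new InvalidKeyException("Key is too short for " + digest + "withRSA: "
                + keyBytes + " bytes, need at least " + needed);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a 512-bit key from the default software provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(512);
        PrivateKey key = kpg.generateKeyPair().getPrivate();
        for (String digest : new String[] {"SHA1", "SHA256", "SHA384", "SHA512"}) {
            try {
                checkKeyLength(digest, key);
                System.out.println(digest + "withRSA: key length OK");
            } catch (InvalidKeyException e) {
                System.out.println(digest + "withRSA: " + e.getMessage());
            }
        }
    }
}
```

Running the check at initSign time gives callers the same InvalidKeyException that SunRsaSign raises, rather than a ProviderException wrapping CKR_DATA_LEN_RANGE at sign time.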