JDK-8226651 : Setting the mgfHash in CK_RSA_PKCS_PSS_PARAMS has no effect
- Type: Bug
- Component: security-libs
- Sub-Component: javax.crypto:pkcs11
- Affected Version: 11,13
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: linux_ubuntu
- CPU: x86_64
- Submitted: 2019-06-23
- Updated: 2019-11-21
- Resolved: 2019-06-28
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 | JDK 14 |
|---|---|---|
| 11.0.6-oracleFixed | 13 b28Fixed  |
14Fixed |
Related Reports
|
Relates :
|
Description
A DESCRIPTION OF THE PROBLEM :
The constructor of the class sun.security.pkcs11.wrapper.CK_RSA_PKCS_PSS_PARAMS takes the hashAlg to get the MGF function. This should, however, be extracted from the mgfHash parameter.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Read the source code block:
public CK_RSA_PKCS_PSS_PARAMS(String hashAlg, String mgfAlg,
String mgfHash, int sLen) {
this.hashAlg = Functions.getHashMechId(hashAlg);
if (!mgfAlg.equals("MGF1")) {
throw new ProviderException("Only MGF1 is supported");
}
// no dash in PKCS#11 mechanism names
this.mgf = Functions.getMGFId("CKG_MGF1_" + hashAlg.replaceFirst("-", ""));
this.sLen = sLen;
}
FREQUENCY : always
Comments
|