changeset 1739:29f71e03036a

8174756: Extra validation for public keys Reviewed-by: valeriep
author igerasim
date Wed, 05 Jul 2017 13:03:31 -0700
parents 39ff3e76325e
children b2f1356933bc
files src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
diffstat 1 files changed, 15 insertions(+), 0 deletions(-) [+]
--- a/src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java	Wed May 24 19:57:48 2017 -0700
+++ b/src/share/classes/sun/security/rsa/RSAPublicKeyImpl.java	Wed Jul 05 13:03:31 2017 -0700
@@ -48,6 +48,7 @@
 public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
 
     private static final long serialVersionUID = 2644735423591199609L;
+    private static final BigInteger THREE = BigInteger.valueOf(3);
 
     private BigInteger n;       // modulus
     private BigInteger e;       // public exponent
@@ -61,6 +62,7 @@
         this.n = n;
         this.e = e;
         RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
+        checkExponentRange();
         // generate the encoding
         algid = RSAPrivateCrtKeyImpl.rsaId;
         try {
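Review bot: The new range check is wired in only as a call inside the constructors, here after `checkRSAProviderKeyLengths(...)` and again in the `byte[]` constructor in the next hunk. Any other path that populates `n` and `e` would therefore skip it. The class declares a `serialVersionUID`, so it is presumably serializable. Whether deserialization or another decode path outside this diff can build an instance without running either constructor is not visible here and is worth confirming. If such a path exists, calling `checkExponentRange()` at the point where the key bits are parsed would cover every entry point. This constructor's body starts before the hunk and continues past it.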
@@ -82,6 +84,19 @@
     public RSAPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
         decode(encoded);
         RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
+        checkExponentRange();
+    }
+
+    private void checkExponentRange() throws InvalidKeyException {
+        // the exponent should be smaller than the modulus
+        if (e.compareTo(n) >= 0) {
+            throw new InvalidKeyException("exponent is larger than modulus");
+        }
+
+        // the exponent should be at least 3
+        if (e.compareTo(THREE) < 0) {
+            throw new InvalidKeyException("exponent is smaller than 3");
+        }
     }
 
     // see JCA doc
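Review bot: `checkExponentRange()` still accepts even exponents such as 4, because it only bounds `e` between 3 and `n`. An RSA public exponent has to be odd to be invertible modulo the even totient, so such a key can never be valid. If compatibility with existing callers allows, add `if (!e.testBit(0)) { throw new InvalidKeyException("exponent is even"); }`. Separately, the first branch fires on `e.compareTo(n) >= 0`, which includes equality, so the message would be more accurate as `"exponent is not smaller than modulus"`. A short Javadoc on the method stating the accepted range (3 <= e < n) would also help future maintainers.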