Bug ID: 7180907 Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes

7180907 : Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes

Details

Type:	Bug	Submit Date:	2012-06-29
Status:	Closed	Updated Date:	2013-04-20
Project Name:	JDK	Resolved Date:	2012-08-02
Component:	security-libs	OS:	generic
Sub-Component:	java.security	CPU:	generic
Priority:	P2
Resolution:	Fixed
Affected Versions:	7u3
Fixed Versions:	7u6

Related Reports

Backport:	JDK-2226641 - Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
Backport:	JDK-2226891 - Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
Backport:	JDK-2226642 - Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes

Sub Tasks

Description

SHORT SUMMARY:
If a signature block (.RSA, a PKCS#7 object) contains authenticated
attributes
and uses a SHA-256 digest, verification will fail.  The digest algorithm is
stored in the PKCS7 using the correct OID (2.16.840.1.101.3.4.2.1) but
sun.security.x509.AlgorithmId maps this back to an algorithm with name
"SHA256".  This is not a valid MessageDigest name - the correct version is
SHA-256.

The debug output from:
jarsigner -J-Djava.security.debug=all -verbose -verify i3.jar
debug.txt and i3.jar available here:
ftp://bugftp.us.oracle.com/upload/bug_13/bug13941476 
INDICATORS:
COUNTER INDICATORS:
TRIGGERS: 
KNOWN WORKAROUND:

PRESENT SINCE:
N/A
HOW TO VERIFY:
Run attached test case
NOTES FOR SE:
None
REGRESSION:


*** MNIEMIEC 06/29/12 03:42 pm *** (CHG: Tag Added)
*** MNIEMIEC 06/29/12 03:42 pm ***
New Tag: new_shadow

Comments

EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-comp/jdk/rev/5dc3f32c0d26

2012-08-14

EVALUATION

http://hg.openjdk.java.net/jdk7u/jdk7u6-dev/jdk/rev/c399756623cb

2012-07-16

EVALUATION

Changing the names for AlgorthmId in 7u6 might be dangerous, they are used in many places through out the JDK. Instead, we can simply convert to the correct name inside SignerInfo.java.

2012-07-09

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together