--- old/src/java.base/share/classes/sun/security/rsa/RSASignature.java	2018-05-11 15:04:39.659080900 -0700
+++ new/src/java.base/share/classes/sun/security/rsa/RSASignature.java	2018-05-11 15:04:39.132934700 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,16 +30,18 @@
 
 import java.security.*;
 import java.security.interfaces.*;
+import java.security.spec.AlgorithmParameterSpec;
 
+import sun.security.rsa.RSAUtil.KeyType;
 import sun.security.util.*;
 import sun.security.x509.AlgorithmId;
 
 /**
- * PKCS#1 RSA signatures with the various message digest algorithms.
+ * PKCS#1 v1.5 RSA signatures with the various message digest algorithms.
  * This file contains an abstract base class with all the logic plus
  * a nested static class for each of the message digest algorithms
  * (see end of the file). We support MD2, MD5, SHA-1, SHA-224, SHA-256,
- * SHA-384, and SHA-512.
+ * SHA-384, SHA-512, SHA-512/224, and SHA-512/256.
  *
  * @since   1.5
  * @author  Andreas Sterbenz
@@ -85,6 +87,7 @@
     }
 
     // initialize for verification. See JCA doc
+    @Override
     protected void engineInitVerify(PublicKey publicKey)
             throws InvalidKeyException {
         RSAPublicKey rsaKey = (RSAPublicKey)RSAKeyFactory.toRSAKey(publicKey);
@@ -94,12 +97,14 @@
     }
 
     // initialize for signing. See JCA doc
+    @Override
     protected void engineInitSign(PrivateKey privateKey)
             throws InvalidKeyException {
         engineInitSign(privateKey, null);
     }
 
     // initialize for signing. See JCA doc
+    @Override
     protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
             throws InvalidKeyException {
         RSAPrivateKey rsaKey =
@@ -114,6 +119,11 @@
      */
     private void initCommon(RSAKey rsaKey, SecureRandom random)
             throws InvalidKeyException {
+        try {
+            RSAUtil.checkParamsAgainstType(KeyType.RSA, rsaKey.getParams());
+        } catch (ProviderException e) {
+            throw new InvalidKeyException("Invalid key for RSA signatures", e);
+        }
         resetDigest();
         int keySize = RSACore.getByteLength(rsaKey);
         try {
@@ -148,12 +158,14 @@
     }
 
     // update the signature with the plaintext data. See JCA doc
+    @Override
     protected void engineUpdate(byte b) throws SignatureException {
         md.update(b);
         digestReset = false;
     }
 
     // update the signature with the plaintext data. See JCA doc
+    @Override
     protected void engineUpdate(byte[] b, int off, int len)
             throws SignatureException {
         md.update(b, off, len);
@@ -161,13 +173,18 @@
     }
 
     // update the signature with the plaintext data. See JCA doc
+    @Override
     protected void engineUpdate(ByteBuffer b) {
         md.update(b);
         digestReset = false;
     }
 
     // sign the data and return the signature. See JCA doc
+    @Override
     protected byte[] engineSign() throws SignatureException {
+        if (privateKey == null) {
+            throw new SignatureException("Missing private key");
+        }
         byte[] digest = getDigestValue();
         try {
             byte[] encoded = encodeSignature(digestOID, digest);
@@ -183,7 +200,11 @@
 
     // verify the data and return the result. See JCA doc
     // should be reset to the state after engineInitVerify call.
+    @Override
     protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
+        if (publicKey == null) {
+            throw new SignatureException("Missing public key");
+        }
         try {
             if (sigBytes.length != RSACore.getByteLength(publicKey)) {
                 throw new SignatureException("Signature length not correct: got " +
@@ -248,18 +269,35 @@
 
     // set parameter, not supported. See JCA doc
     @Deprecated
+    @Override
     protected void engineSetParameter(String param, Object value)
             throws InvalidParameterException {
         throw new UnsupportedOperationException("setParameter() not supported");
     }
 
+    // See JCA doc
+    @Override
+    protected void engineSetParameter(AlgorithmParameterSpec params)
+        throws InvalidAlgorithmParameterException {
+        if (params != null) {
+            throw new InvalidAlgorithmParameterException("No parameters accepted");
+        }
+    }
+
     // get parameter, not supported. See JCA doc
     @Deprecated
+    @Override
     protected Object engineGetParameter(String param)
             throws InvalidParameterException {
         throw new UnsupportedOperationException("getParameter() not supported");
     }
 
+    // See JCA doc
+    @Override
+    protected AlgorithmParameters engineGetParameters() {
+        return null;
+    }
+
     // Nested class for MD2withRSA signatures
     public static final class MD2withRSA extends RSASignature {
         public MD2withRSA() {
@@ -309,4 +347,17 @@
         }
     }
 
+    // Nested class for SHA512/224withRSA signatures
+    public static final class SHA512_224withRSA extends RSASignature {
+        public SHA512_224withRSA() {
+            super("SHA-512/224", AlgorithmId.SHA512_224_oid, 11);
+        }
+    }
+
+    // Nested class for SHA512/256withRSA signatures
+    public static final class SHA512_256withRSA extends RSASignature {
+        public SHA512_256withRSA() {
+            super("SHA-512/256", AlgorithmId.SHA512_256_oid, 11);
+        }
+    }
 }