Code Review Request 8049321 Support SHA256WithDSA in JSSE

Bradford Wetmore bradford.wetmore at oracle.com
Wed Dec 16 19:14:08 UTC 2015


The change itself looks ok, but a question on the previous code.

420:  Why is SHA224 disabled when SunMSCAPI is present?  Or 
alternatively, why is SHA224 enabled when SunMSCAPI not present? 
Shouldn't this be based on whether there is a SHA224 implementation 
available?  And if so, why are we not verifying that an implementation 
exists (getInstance("SHA256") doesn't throw exception) for the other 
algorithms also (SHA1/RSA/etc)?

The synopsis should probably be:

     Support SHA224withDSA/SHA256withDSA in TLSv1.2 \
     signature_algorithms extension

Also, note the case of the "W" in "SHA256WithDSA".

Brad


On 12/14/2015 9:47 PM, Xuelei Fan wrote:
> On 12/15/2015 1:40 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please this enhancement to the JSSE implementation:
>>
> Please review this enhancement to the JSSE implementation:
>
>>     http://cr.openjdk.java.net/~xuelei/8049321/webrev.00/
>>
>> This change will add support for the SHA224withDSA and SHA256withDSA
>> algorithms in the TLS "signature_algorithms" extension in the SunJSSE
>> provider.  Note that this extension does not apply to TLS 1.1 and
>> previous versions.
>>
>> Thanks,
>> Xuelei
>>
>


More information about the security-dev mailing list