Code Review Request 8049321 Support SHA256WithDSA in JSSE
Xuelei Fan
xuelei.fan at oracle.com
Wed Dec 16 23:22:00 UTC 2015
On 12/17/2015 3:14 AM, Bradford Wetmore wrote:
> The change itself looks ok, but a question on the previous code.
>
> 420: Why is SHA224 disabled when SunMSCAPI is present? Or
> alternatively, why is SHA224 enabled when SunMSCAPI not present?
SunMSCAPI does not support SHA-224 yet.
> Shouldn't this be based on whether there is a SHA224 implementation
> available?
The SHA-224 is always available with JDK providers. But SHA224withRSA
and SHA224withDSA does not work for SunMSCAPI. So we need to filter out
SHA-224 for SunMSCAPI.
> And if so, why are we not verifying that an implementation
> exists (getInstance("SHA256") doesn't throw exception) for the other
> algorithms also (SHA1/RSA/etc)?
>
Need to check the full signature name. But no checking at present as
these algorithms are supported by JDK providers except the SHA-224 based
ones. May make improvement later.
Thanks,
Xuelei
> The synopsis should probably be:
>
> Support SHA224withDSA/SHA256withDSA in TLSv1.2 \
> signature_algorithms extension
>
> Also, note the case of the "W" in "SHA256WithDSA".
>
> Brad
>
>
> On 12/14/2015 9:47 PM, Xuelei Fan wrote:
>> On 12/15/2015 1:40 PM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> Please this enhancement to the JSSE implementation:
>>>
>> Please review this enhancement to the JSSE implementation:
>>
>>> http://cr.openjdk.java.net/~xuelei/8049321/webrev.00/
>>>
>>> This change will add support for the SHA224withDSA and SHA256withDSA
>>> algorithms in the TLS "signature_algorithms" extension in the SunJSSE
>>> provider. Note that this extension does not apply to TLS 1.1 and
>>> previous versions.
>>>
>>> Thanks,
>>> Xuelei
>>>
>>
More information about the security-dev
mailing list