RFR [13] JDK-8226374 Restric signature algorithms and named groups

Xuelei Fan xuelei.fan at oracle.com
Mon Jul 8 16:30:31 UTC 2019


On 7/8/2019 8:45 AM, Sean Mullan wrote:
> A couple of comments/questions so far (not done reviewing)
> 
> - Please change all instances of "Restric" to "Restrict" (proper 
> spelling) in the bug summary and names of tests, etc
> 
I will do it.

> - It looks like you have enhanced jdk.tls.disabledAlgorithms to allow 
> you to restrict named groups. I think that would make this an RFE, which 
> will require a CSR and special approval to get into JDK 13. Do you 
> really need this to implement the fix?
Named groups are a part of the signature algorithms for TLS 1.3.  For 
example, for the signature algorithm ecdsa_secp256r1_sha256, "secp256r1" 
is the named group part.  It is simple to restrict named groups and 
signature algorithms in one update.

We can go as an RFE for JDK 14.  But I would prefer to have it in JDK 13 
so that applications could disable RSASSA-PSS and the certificate 
selection could be more robust.

As this does not change the public APIs and specs, I think it might be 
fine to go with a bug fix for JDK 13 without a CSR.


> If not, I would separate that 
> part out and target it to JDK 14. Also, why haven't you updated the 
> definition of jdk.tls.disabledAlgorithms to include named groups?
> 
The named groups will be documented in the Standard Algorithms 
Documentation.  I think it is sufficient.

I'm fine with making it an RFE in JDK 14 if you want a CSR.  We could 
backport it later if necessary.

Thanks,
Xuelei

> Thanks,
> Sean
> 
> On 7/7/19 11:00 PM, Xuelei Fan wrote:
>> ping ...
>>
>> On 6/28/2019 1:41 PM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> Could I get the following update reviewed?
>>>      http://cr.openjdk.java.net/~xuelei/8226374/webrev.00/
>>>
>>> During handshaking, the selection of signature algorithms was not 
>>> checked against the algorithm constraints.  Then the available 
>>> signature algorithms may be ignored if a restricted algorithm gets 
>>> selected.  The connection should be able to be established as there 
>>> are available algorithms.
>>>
>>> Within this update, more algorithm constraints checking is 
>>> introduced in the signature algorithms and named groups code.
>>>
>>> The significant changes are in NamedGroup.java and 
>>> SignatureScheme.java, in order to introduce the checking and 
>>> algorithm parameters and specs.
>>>
>>> Thanks,
>>> Xuelei
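Added illustration of the selection problem described in the original request, not code from the JDK or from the webrev under review: a constructed `AlgorithmConstraints` stand-in (`DisabledSet`, assumed here in place of the JDK's internal jdk.tls.disabledAlgorithms handling) and a `Scheme` record that splits a TLS 1.3 signature scheme into its signature algorithm and named group part, so both can be checked before a scheme is chosen. Java 16+ is assumed for the record syntax.

```java
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

public class SchemeSelection {
    // Constructed stand-in for constraints derived from a disabled-algorithm
    // list; not the JDK's DisabledAlgorithmConstraints class.
    static final class DisabledSet implements AlgorithmConstraints {
        private final Set<String> disabled;
        DisabledSet(Set<String> disabled) { this.disabled = disabled; }
        @Override public boolean permits(Set<CryptoPrimitive> p, String alg,
                                         AlgorithmParameters params) {
            return !disabled.contains(alg);
        }
        @Override public boolean permits(Set<CryptoPrimitive> p, Key key) { return true; }
        @Override public boolean permits(Set<CryptoPrimitive> p, String alg, Key key,
                                         AlgorithmParameters params) {
            return permits(p, alg, params);
        }
    }

    // TLS 1.3 scheme: signature algorithm plus, for ECDSA, its named group.
    record Scheme(String name, String sigAlg, String namedGroup) {}

    static final Set<CryptoPrimitive> SIG = EnumSet.of(CryptoPrimitive.SIGNATURE);

    // A scheme is usable only if both its algorithm and its named group are permitted.
    static boolean permitted(AlgorithmConstraints c, Scheme s) {
        return c.permits(SIG, s.sigAlg(), null)
            && (s.namedGroup() == null || c.permits(SIG, s.namedGroup(), null));
    }

    // Before the fix: the preferred scheme is taken without consulting constraints.
    static Scheme selectUnchecked(List<Scheme> offered) { return offered.get(0); }

    // After the fix: restricted schemes are skipped, so an available one is still chosen.
    static Scheme selectChecked(AlgorithmConstraints c, List<Scheme> offered) {
        return offered.stream().filter(s -> permitted(c, s)).findFirst().orElse(null);
    }

    public static void main(String[] args) {
        List<Scheme> offered = List.of(   // constructed peer preference order
            new Scheme("rsa_pss_rsae_sha256", "RSASSA-PSS", null),
            new Scheme("ecdsa_secp256r1_sha256", "SHA256withECDSA", "secp256r1"),
            new Scheme("rsa_pkcs1_sha256", "SHA256withRSA", null));
        AlgorithmConstraints c = new DisabledSet(Set.of("RSASSA-PSS", "secp256r1"));
        System.out.println("unchecked: " + selectUnchecked(offered).name());
        System.out.println("checked:   " + selectChecked(c, offered).name());
    }
}
```

With RSASSA-PSS and secp256r1 disabled, the unchecked path still picks the restricted PSS scheme, while the checked path falls through to rsa_pkcs1_sha256, which is the behaviour the update aims for.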


