RFR [14] JDK-8226374 Restrict signature algorithms and named groups
Xuelei Fan
xuelei.fan at oracle.com
Tue Jul 9 16:43:36 UTC 2019
Hi,
Could I get the following update reviewed?
webrev: http://cr.openjdk.java.net/~xuelei/8226374/webrev.01/
CSR: https://bugs.openjdk.java.net/browse/JDK-8227445
During handshaking, the selection of signature algorithms was not
checked with the algorithm constraints. Then the available signature
algorithms may be ignored if a restricted algorithm get selected. The
connection should be able to be established as there are available
algorithms.
Within this update, more algorithm constraints checking are introduced
in the signature algorithms and named groups code.
The significant changes are in NamedGroup.java and SignatureScheme.java,
in order to introduce the checking and algorithm parameters and specs.
Note that the following JDK 13 review thread was close out.
https://mail.openjdk.java.net/pipermail/security-dev/2019-July/020348.html
I targeted this enhancement to JDK 14, and come up with a CSR request.
Thanks,
Xuelei
More information about the security-dev
mailing list