RFR [14] JDK-8226374 Restrict signature algorithms and named groups

Xuelei Fan xuelei.fan at oracle.com
Tue Jul 9 16:43:36 UTC 2019


Hi,

Could I get the following update reviewed?

webrev: http://cr.openjdk.java.net/~xuelei/8226374/webrev.01/
CSR:    https://bugs.openjdk.java.net/browse/JDK-8227445

During handshaking, the selection of signature algorithms was not 
checked with the algorithm constraints.  Then the available signature 
algorithms may be ignored if a restricted algorithm get selected.  The 
connection should be able to be established as there are available 
algorithms.

Within this update, more algorithm constraints checking are introduced 
in the signature algorithms and named groups code.

The significant changes are in NamedGroup.java and SignatureScheme.java, 
in order to introduce the checking and algorithm parameters and specs.

Note that the following JDK 13 review thread was close out.
 
https://mail.openjdk.java.net/pipermail/security-dev/2019-July/020348.html

I targeted this enhancement to JDK 14, and come up with a CSR request.

Thanks,
Xuelei


More information about the security-dev mailing list