RFR [13] JDK-8226374 Restric signature algorithms and named groups
Xuelei Fan
xuelei.fan at oracle.com
Fri Jun 28 20:41:56 UTC 2019
Hi,
Could I get the following update reviewed?
http://cr.openjdk.java.net/~xuelei/8226374/webrev.00/
During handshaking, the selection of signature algorithms was not
checked with the algorithm constraints. Then the available signature
algorithms may be ignored if a restricted algorithm get selected. The
connection should be able to be established as there are available
algorithms.
Within this update, more algorithm constraints checking are introduced
in the signature algorithms and named groups code.
The significant changes are in NamedGroup.java and SignatureScheme.java,
in order to introduce the checking and algorithm parameters and specs.
Thanks,
Xuelei
More information about the security-dev
mailing list