RFR [14] 8223940: Private key not supported by chosen signature algorithm
Xuelei Fan
xuelei.fan at oracle.com
Tue Nov 5 03:27:39 UTC 2019
Hi Valerie,
Thanks for the review.
On 11/4/2019 6:36 PM, Valerie Peng wrote:
> Hi Xuelei,
>
> Overall changes look good.
>
> A nit: SignatureScheme.java:552, "Ignore unsupport..." instead of
> "Ignore the unsupported..."
>
Good catch!
> It seems that the SignatureScheme selection is always selected with
> PrivateKey first?
Yes.
> It'd be nice to have some comments explain the
> different handling between getSigner(PrivateKey) and
> getVerifier(PublicKey), i.e. former returns null vs later passes up the
> exception.
>
Yes, better to have some words for the difference. Here is the updated
webrev:
http://cr.openjdk.java.net/~xuelei/8223940/webrev.01/
Comparing to the previous version, only the SignatureScheme.java is updated.
Thanks,
Xuelei
> Thanks,
> Valerie
>
>
> On 10/24/2019 1:56 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Could I get the following update reviewed?
>> http://cr.openjdk.java.net/~xuelei/8223940/webrev.00/
>>
>> For signature algorithms, the update will fail back to use the
>> supported signature algorithm for the specific private key.
>> Previously, the first preferred signature algorithm get used ad the
>> private key may not be able to work with the signature algorithm however.
>>
>> No new regression test as RSASSA-PSS has been supported in the
>> SunPKCS11 provider currently. Can I get a help for the test if you
>> are running a provider that does not support RSASSA-PSS yet?
>>
>> Thanks & Regards,
>> Xuelei
More information about the security-dev
mailing list