RFR [14] 8223940: Private key not supported by chosen signature algorithm

Xuelei Fan xuelei.fan at oracle.com
Tue Nov 5 03:27:39 UTC 2019


Hi Valerie,

Thanks for the review.

On 11/4/2019 6:36 PM, Valerie Peng wrote:
> Hi Xuelei,
> 
> Overall changes look good.
> 
> A nit: SignatureScheme.java:552, "Ignore unsupport..." instead of 
> "Ignore the unsupported..."
> 
Good catch!

> It seems that the SignatureScheme selection is always selected with 
> PrivateKey first?
Yes.

> It'd be nice to have some comments explain the 
> different handling between getSigner(PrivateKey) and 
> getVerifier(PublicKey), i.e. former returns null vs later passes up the 
> exception.
> 
Yes, better to have some words for the difference.  Here is the updated 
webrev:
    http://cr.openjdk.java.net/~xuelei/8223940/webrev.01/

Comparing to the previous version, only the SignatureScheme.java is updated.

Thanks,
Xuelei

> Thanks,
> Valerie
> 
> 
> On 10/24/2019 1:56 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Could I get the following update reviewed?
>>     http://cr.openjdk.java.net/~xuelei/8223940/webrev.00/
>>
>> For signature algorithms, the update will fail back to use the 
>> supported signature algorithm for the specific private key. 
>> Previously, the first preferred signature algorithm get used ad the 
>> private key may not be able to work with the signature algorithm however.
>>
>> No new regression test as RSASSA-PSS has been supported in the 
>> SunPKCS11 provider currently.  Can I get a help for the test if you 
>> are running a provider that does not support RSASSA-PSS yet?
>>
>> Thanks & Regards,
>> Xuelei



More information about the security-dev mailing list