RFR: 8284926: Share the certificate NamedGroup in SignatureScheme::getSignerOfPreferableAlgorithm
John Jiang
jjiang at openjdk.java.net
Sat Apr 16 23:52:31 UTC 2022
On Sat, 16 Apr 2022 14:38:09 GMT, XenoAmess <duke at openjdk.java.net> wrote:
>> It would not to generate the certificate's ECParameterSpec and NamedGroup multiple times in method `SignatureScheme::getSignerOfPreferableAlgorithm`.
>
> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 494:
>
>> 492: x509Possession.getECParameterSpec();
>> 493: if (params != null &&
>> 494: ss.namedGroup == NamedGroup.valueOf(params)) {
>
> look at here.
> if : param == null and namedGroup == null and ss.namedGroup == null,
> the codes before this change will not enter the if branch, but the codes after this changes will enter the if branch.
ss.namedGroup should not be null here. The previous if statement already checks that:
if ((ss.namedGroup != null) && (ss.namedGroup.spec ==
NamedGroupSpec.NAMED_GROUP_ECDHE)) {
-------------
PR: https://git.openjdk.java.net/jdk/pull/8271
More information about the security-dev
mailing list