RFR: 8366211: Block signature scheme names to be used with CertificateSignature algorithm constraints usage [v2]

Artur Barashev abarashev at openjdk.org
Thu Sep 4 18:15:44 UTC 2025


On Thu, 4 Sep 2025 17:37:06 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fix string concatenation alignment. Use upper-case characters in the test signature scheme name.
>
> src/java.base/share/conf/security/java.security line 764:
> 
>> 762: #       - rsa_pkcs1_sha1 usage HandshakeSignature
>> 763: #       - SHA1withRSA usage CertificateSignature
>> 764: #
> 
> I suggest we also include more details on the acceptable algorithms for HandshakeSignature. I suggest rewording something like:
> 
>> HandshakeSignature restricts the use of the algorithm in TLS handshake signatures. The algorithm is the name of the TLS signature scheme as specified in the Signature Schemes section of the Java Security Standard Algorithm Names specification.
>> 
>> CertificateSignature restricts the use of the algorithm in certificate signatures. The algorithm is the name of a java.security.Signature algorithm as specified in the Signature Algorithms section of the Java Security Standard Algorithm Names specification.
>> 
>> An algorithm with the HandshakeSignature or CertificateSignature constraint cannot include other usage types defined in the jdk.certpath.disabledAlgorithms property. The usage type follows the keyword and more than one usage type can be specified with a whitespace delimiter.
>> 
> 
> I don't think you need to say TLS signature schemes cannot be used with CertificateSignature as long as you are clear above as to what the acceptable algorithms are. Does HandshakeSignature only support TLS signature schemes or does it also support java.security.Signature algorithms?

Both `HandshakeSignature` and `CertificateSignature` currently support 3 kinds of algorithms as defined in `SignatureScheme.java`:

- Signature Schemes
- Signature Algorithms
- Signature Key Algorithm

With this PR we are blocking `Signature Schemes` for `CertificateSignature`.
Also, we don't do any algorithm decomposing for usage constraint, i.e. no sub-element matching as described in `jdk.certpath.disabledAlgorithms` documentation in `java.security`. That could be another point of confusion.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26970#discussion_r2323049989
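
The two rules discussed in this message (TLS signature scheme names blocked for `CertificateSignature`, and no mixing of the signature usage types with the `jdk.certpath.disabledAlgorithms` usage types) can be checked over a property value before it is deployed. This is an added example, not part of the original message or the JDK code. Assumptions: the value is already joined onto one line, names are compared case-insensitively, the scheme list is a subset of the RFC 8446 names, and `lint` is a hypothetical helper.

```python
# TLS signature scheme names (subset, lower-cased). ed25519/ed448 are left out
# because they differ from the java.security.Signature names only by case.
TLS_SCHEMES = {
    "ecdsa_secp256r1_sha256", "ecdsa_secp384r1_sha384", "ecdsa_secp521r1_sha512",
    "rsa_pss_rsae_sha256", "rsa_pss_rsae_sha384", "rsa_pss_rsae_sha512",
    "rsa_pss_pss_sha256", "rsa_pss_pss_sha384", "rsa_pss_pss_sha512",
    "rsa_pkcs1_sha256", "rsa_pkcs1_sha384", "rsa_pkcs1_sha512",
    "rsa_pkcs1_sha1", "ecdsa_sha1",
}
SIG_USAGES = {"handshakesignature", "certificatesignature"}
CERTPATH_USAGES = {"tlsserver", "tlsclient", "signedjar"}

def lint(value):
    """Return (entry, problem) pairs for a disabled-algorithms property value."""
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        # "<algorithm> [constraint [& constraint]...]"
        algorithm, _, constraints = entry.partition(" ")
        usages = set()
        for constraint in constraints.split("&"):
            words = constraint.split()
            if words and words[0].lower() == "usage":
                # usage types follow the keyword, whitespace-delimited
                usages.update(w.lower() for w in words[1:])
        # Whole-name comparison only: no decomposition into sub-elements.
        if "certificatesignature" in usages and algorithm.lower() in TLS_SCHEMES:
            findings.append(
                (entry, "TLS signature scheme name used with CertificateSignature"))
        if usages & SIG_USAGES and usages & CERTPATH_USAGES:
            findings.append(
                (entry, "signature usage type mixed with a certpath usage type"))
    return findings

# Constructed sample value; the first two usage entries are the ones quoted above.
SAMPLE = ("SSLv3, RSA keySize < 2048, "
          "rsa_pkcs1_sha1 usage HandshakeSignature, "
          "SHA1withRSA usage CertificateSignature, "
          "RSA_PKCS1_SHA1 usage CertificateSignature, "
          "ecdsa_sha1 usage HandshakeSignature TLSServer")

if __name__ == "__main__":
    for entry, problem in lint(SAMPLE):
        print(f"{entry!r}: {problem}")
```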

