-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 8-pool, 11-pool, 11-pool-oracle
-
Component/s: security-libs
-
None
-
b18
The AlgorithmIdentifier for ECDSA should omit the parameters field. See https://tools.ietf.org/html/rfc5758#section-3.2 :
When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
as an AlgorithmIdentifier, the encoding MUST omit the parameters
field.
However, the JDK encodes the parameters as NULL. The bug is in sun.security.x509.AlgorithmId.derEncode()
When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
as an AlgorithmIdentifier, the encoding MUST omit the parameters
field.
However, the JDK encodes the parameters as NULL. The bug is in sun.security.x509.AlgorithmId.derEncode()
- csr for
-
JDK-8253912 Incorrect encoding for EC AlgorithmIdentifier
-
- Closed
-
- duplicates
-
-
- Closed
-
