-
Bug
-
Resolution: Fixed
-
P3
-
11, 12
-
b18
-
Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8230581 | 11.0.6-oracle | Xuelei Fan | P3 | Resolved | Fixed | b01 |
| JDK-8234234 | 11.0.6 | Xuelei Fan | P3 | Resolved | Fixed | b04 |
| JDK-8256687 | openjdk8u272 | Martin Balao Alonso | P3 | Closed | Fixed | b06 |
| JDK-8243714 | 8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | b05 |
| JDK-8247047 | emb-8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | team |
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
}
According to RFC 8446 section 4.2.3 Signature Algorithms [1], the signature scheme name "ecdsa_secp512r1_sha512" should be "ecdsa_secp521r1_sha512". Exactly, the curve is secp521r1, but not secp512r1.
In fact, the code [2] uses named group secp521r1 correctly, but the scheme name is wrong.
[1] https://tools.ietf.org/html/rfc8446#section-4.2.3
[2] http://hg.openjdk.java.net/jdk/jdk/file/cf3fafc740bb/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#l66
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
}
According to RFC 8446 section 4.2.3 Signature Algorithms [1], the signature scheme name "ecdsa_secp512r1_sha512" should be "ecdsa_secp521r1_sha512". Exactly, the curve is secp521r1, but not secp512r1.
In fact, the code [2] uses named group secp521r1 correctly, but the scheme name is wrong.
[1] https://tools.ietf.org/html/rfc8446#section-4.2.3
[2] http://hg.openjdk.java.net/jdk/jdk/file/cf3fafc740bb/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#l66
- backported by
-
JDK-8230581 Incorrectly named signature scheme ecdsa_secp512r1_sha512
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-