Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 11, 12
-
Fix Version/s: 12
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b18
-
Verification:Not verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8230581 | 11.0.6-oracle | Xuelei Fan | P3 | Resolved | Fixed | b01 |
JDK-8234234 | 11.0.6 | Xuelei Fan | P3 | Resolved | Fixed | b04 |
JDK-8256687 | openjdk8u272 | Martin Balao | P3 | Closed | Fixed | b06 |
JDK-8243714 | 8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | b05 |
JDK-8247047 | emb-8u261 | Prasadarao Koppula | P3 | Resolved | Fixed | team |
Description
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
}
According to RFC 8446 section 4.2.3 Signature Algorithms [1], the signature scheme name "ecdsa_secp512r1_sha512" should be "ecdsa_secp521r1_sha512". Exactly, the curve is secp521r1, but not secp512r1.
In fact, the code [2] uses named group secp521r1 correctly, but the scheme name is wrong.
[1] https://tools.ietf.org/html/rfc8446#section-4.2.3
[2] http://hg.openjdk.java.net/jdk/jdk/file/cf3fafc740bb/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#l66
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
}
According to RFC 8446 section 4.2.3 Signature Algorithms [1], the signature scheme name "ecdsa_secp512r1_sha512" should be "ecdsa_secp521r1_sha512". Exactly, the curve is secp521r1, but not secp512r1.
In fact, the code [2] uses named group secp521r1 correctly, but the scheme name is wrong.
[1] https://tools.ietf.org/html/rfc8446#section-4.2.3
[2] http://hg.openjdk.java.net/jdk/jdk/file/cf3fafc740bb/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#l66
Attachments
Issue Links
- backported by
-
JDK-8230581 Incorrectly named signature scheme ecdsa_secp512r1_sha512
-
- Resolved
-
-
JDK-8234234 Incorrectly named signature scheme ecdsa_secp512r1_sha512
-
- Resolved
-
-
JDK-8243714 Incorrectly named signature scheme ecdsa_secp512r1_sha512
-
- Resolved
-
-
JDK-8247047 Incorrectly named signature scheme ecdsa_secp512r1_sha512
-
- Resolved
-
-
JDK-8256687 Incorrectly named signature scheme ecdsa_secp512r1_sha512
-
- Closed
-