archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8211866: TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms

Browse source 
Reviewed-by: xuelei
This commit is contained in:
Jamil Nimeh 2018-10-16 11:24:41 -07:00
parent b6e77e4285
commit 180a8773fb
2 changed files with 10 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java
View file

@ -243,18 +243,16 @@ final class CertSignAlgsExtension {
}
// Produce the extension.
if (shc.localSupportedSignAlgs == null) {
shc.localSupportedSignAlgs =
List<SignatureScheme> sigAlgs =
SignatureScheme.getSupportedAlgorithms(
shc.algorithmConstraints, shc.activeProtocols);
}
shc.algorithmConstraints,
List.of(shc.negotiatedProtocol));
int vectorLen = SignatureScheme.sizeInRecord() *
shc.localSupportedSignAlgs.size();
int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();
byte[] extData = new byte[vectorLen + 2];
ByteBuffer m = ByteBuffer.wrap(extData);
Record.putInt16(m, vectorLen);
for (SignatureScheme ss : shc.localSupportedSignAlgs) {
for (SignatureScheme ss : sigAlgs) {
Record.putInt16(m, ss.id);
}