archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8281236: (D)TLS key exchange named groups

Browse source 
Reviewed-by: mullan
This commit is contained in:
Xue-Lei Andrew Fan 2022-12-07 20:16:45 +00:00
parent 10356e767a
commit 5d4c71c8bd
17 changed files with 806 additions and 236 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java
View file

@ -42,7 +42,6 @@ import java.util.EnumSet;
import java.util.Locale;
import java.util.Map;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Credentials;
import sun.security.ssl.X509Authentication.X509Possession;
import sun.security.util.HexDumpEncoder;
@ -139,6 +138,7 @@ final class ECDHServerKeyExchange {
if (useExplicitSigAlgorithm) {
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
shc.sslConfig,
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
@ -204,7 +204,7 @@ final class ECDHServerKeyExchange {
"Unknown named group ID: " + namedGroupId);
}
if (!SupportedGroups.isSupported(namedGroup)) {
if (!NamedGroup.isEnabled(chc.sslConfig, namedGroup)) {
throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
"Unsupported named group: " + namedGroup);
}