8225766: Curve in certificate should not affect signature scheme when using TLSv1.3

Reviewed-by: ascarpino
Xue-Lei Andrew Fan 2019-06-19 21:49:33 -07:00
parent be2a48350d
commit dbf62785ef
3 changed files with 232 additions and 7 deletions


@ -39,6 +39,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import sun.security.ssl.NamedGroup.NamedGroupType;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Possession;
import sun.security.util.KeyUtil;
import sun.security.util.SignatureUtil;
@ -440,6 +441,39 @@ enum SignatureScheme {
ss.namedGroup == NamedGroup.valueOf(params)) {
return ss;
}
if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the signature algorithm (" + ss +
"), unsupported EC parameter spec: " + params);
}
} else if ("EC".equals(ss.keyAlgorithm)) {
// Must be a legacy signature algorithm, which does not
// specify the associated named groups. The connection
// cannot be established if the peer cannot recognize
// the named group used for the signature. RFC 8446
// does not define countermeasures for the corner cases.
// In order to mitigate the impact, we choose to check
// against the local supported named groups. The risk
// should be minimal as applications should not use
// unsupported named groups for its certificates.
ECParameterSpec params =
x509Possession.getECParameterSpec();
if (params != null) {
NamedGroup keyGroup = NamedGroup.valueOf(params);
if (keyGroup != null &&
SupportedGroups.isSupported(keyGroup)) {
return ss;
}
}
if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the legacy signature algorithm (" + ss +
"), unsupported EC parameter spec: " + params);
}
} else {
return ss;
}
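Review bot: In the new legacy-EC branch, the `SSLLogger.finest` call at the end of the `else if` prints `params` even when `x509Possession.getECParameterSpec()` returned null, so the trace reads "unsupported EC parameter spec: null" for a possession that has no EC parameters at all, which is a different condition from a group that was recognized but is not locally supported. Consider distinguishing the two, e.g. replacing the last concatenation with `"), " + (params == null ? "no EC parameter spec" : "unsupported EC parameter spec: " + params));`, or hoisting `keyGroup` out of the inner `if` so the rejected group can be named in the message. The explanatory comment above the branch is valuable; it appears the scheme is simply skipped rather than rejected with an alert, and stating that in the comment (`// The scheme is skipped here, not rejected; the peer sees no alert.`) would make the mitigation's observable effect clear to whoever debugs a handshake failure. The two identical `SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")` guards in this hunk are a candidate for a small private helper, though that is style only. The enclosing method starts and ends outside this hunk, so the `params` and `x509Possession` used by the first `if` branch are not visible here.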


@ -69,7 +69,7 @@ enum X509Authentication implements SSLAuthentication {
final String keyType;
final SSLPossessionGenerator possessionGenerator;
X509Authentication(String keyType,
private X509Authentication(String keyType,
SSLPossessionGenerator possessionGenerator) {
this.keyType = keyType;
this.possessionGenerator = possessionGenerator;
@ -326,10 +326,12 @@ enum X509Authentication implements SSLAuthentication {
return null;
}
// For ECC certs, check whether we support the EC domain
// parameters. If the client sent a SupportedEllipticCurves
// ClientHello extension, check against that too.
if (keyType.equals("EC")) {
// For TLS 1.2 and prior versions, the public key of a EC cert
// MUST use a curve and point format supported by the client.
// But for TLS 1.3, signature algorithms are negotiated
// independently via the "signature_algorithms" extension.
if (!shc.negotiatedProtocol.useTLS13PlusSpec() &&
keyType.equals("EC")) {
if (!(serverPublicKey instanceof ECPublicKey)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(serverAlias +
@ -339,8 +341,9 @@ enum X509Authentication implements SSLAuthentication {
}
// For ECC certs, check whether we support the EC domain
// parameters. If the client sent a SupportedEllipticCurves
// ClientHello extension, check against that too.
// parameters. If the client sent a supported_groups
// ClientHello extension, check against that too for
// TLS 1.2 and prior versions.
ECParameterSpec params =
((ECPublicKey)serverPublicKey).getParams();
NamedGroup namedGroup = NamedGroup.valueOf(params);