8225766: Curve in certificate should not affect signature scheme when using TLSv1.3

Reviewed-by: ascarpino
2025-09-20 19:14:38 +02:00 · 2019-06-19 21:49:33 -07:00 · 2019-06-19 21:49:33 -07:00 · dbf62785ef
commit dbf62785ef
parent be2a48350d
3 changed files with 232 additions and 7 deletions
--- a/src/java.base/share/classes/sun/security/ssl/X509Authentication.java
+++ b/src/java.base/share/classes/sun/security/ssl/X509Authentication.java
@ -69,7 +69,7 @@ enum X509Authentication implements SSLAuthentication {
    final String keyType;
    final SSLPossessionGenerator possessionGenerator;

-    X509Authentication(String keyType,
+    private X509Authentication(String keyType,
            SSLPossessionGenerator possessionGenerator) {
        this.keyType = keyType;
        this.possessionGenerator = possessionGenerator;
@ -326,10 +326,12 @@ enum X509Authentication implements SSLAuthentication {
                return null;
            }

-            // For ECC certs, check whether we support the EC domain
-            // parameters.  If the client sent a SupportedEllipticCurves
-            // ClientHello extension, check against that too.
-            if (keyType.equals("EC")) {
+            // For TLS 1.2 and prior versions, the public key of a EC cert
+            // MUST use a curve and point format supported by the client.
+            // But for TLS 1.3, signature algorithms are negotiated
+            // independently via the "signature_algorithms" extension.
+            if (!shc.negotiatedProtocol.useTLS13PlusSpec() &&
+                    keyType.equals("EC")) {
                if (!(serverPublicKey instanceof ECPublicKey)) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                        SSLLogger.warning(serverAlias +
@ -339,8 +341,9 @@ enum X509Authentication implements SSLAuthentication {
                }

                // For ECC certs, check whether we support the EC domain
-                // parameters. If the client sent a SupportedEllipticCurves
-                // ClientHello extension, check against that too.
+                // parameters.  If the client sent a supported_groups
+                // ClientHello extension, check against that too for
+                // TLS 1.2 and prior versions.
                ECParameterSpec params =
                        ((ECPublicKey)serverPublicKey).getParams();
                NamedGroup namedGroup = NamedGroup.valueOf(params);