JDK-8212738 : Incorrectly named signature scheme ecdsa_secp512r1_sha512
- Type: Bug
- Component: security-libs
- Sub-Component: javax.net.ssl
- Affected Version: 11,12
- Priority: P3
- Status: Closed
- Resolution: Fixed
- Submitted: 2018-10-22
- Updated: 2020-11-19
- Resolved: 2018-10-31
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 12 | JDK 8 | Other |
|---|---|---|---|
| 11.0.6-oracleFixed | 12 b18Fixed  |
8u261Fixed |
openjdk8u272Fixed |
Description
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
}
According to RFC 8446 section 4.2.3 Signature Algorithms [1], the signature scheme name "ecdsa_secp512r1_sha512" should be "ecdsa_secp521r1_sha512". Exactly, the curve is secp521r1, but not secp512r1.
In fact, the code [2] uses named group secp521r1 correctly, but the scheme name is wrong.
[1] https://tools.ietf.org/html/rfc8446#section-4.2.3
[2] http://hg.openjdk.java.net/jdk/jdk/file/cf3fafc740bb/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#l66
Comments
|