Good catch!  I missed the update for SignatureScheme.

Here is the new webrev:
   http://cr.openjdk.java.net/~xuelei/8217610/webrev.01/

Thanks,
Xuelei

On 4/2/2019 12:35 PM, Valerie Peng wrote:

Hmm, I didn't see the SignatureScheme.java in the webrev? The stacktrace in the bug record shows the casting being inside SignatureScheme class. Did I miss something?

Valerie

On 3/28/2019 7:52 AM, Xuelei Fan wrote:
ping ...

Xuelei

On 3/22/2019 2:02 PM, Xuelei Fan wrote:
Hi,

Could I get the following update reviewed?
    http://cr.openjdk.java.net/~xuelei/8217610/webrev.00/

For EC key exchange in TLS connections, the private key should use the specified EC groups. The current code is calling ECPrivateKey.getParams(). However, the private key may not be an instance of ECPrivateKey, for example for a non-extractable private key in the SunPKCS11 provider.

To fix the tricky bug, in this update, if the private key is an instance of ECPrivateKey, use it; otherwise, try to check the groups in the public key of the X.509 certificate bound to the private key.

No hardware to reproduce the issue, and no new regression test. The update is straightforward.  Please help to check the patch if you can play with a hardware token.

Thanks,
Xuelei
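
The fallback described in the message above, sketched as an added example that is not part of the thread or of the JDK patch. `ecParamsOf` and `opaque` are hypothetical names, the opaque key is a constructed stand-in for a non-extractable SunPKCS11 key, and the certificate's public key (in practice obtained from `X509Certificate.getPublicKey()`) is passed in directly.

```java
import java.security.*;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;

public class EcParamsLookup {
    // Hypothetical helper: prefer the private key's own parameters, otherwise
    // fall back to the public key of the certificate bound to that key.
    static ECParameterSpec ecParamsOf(PrivateKey priv, PublicKey certPub) {
        if (priv instanceof ECPrivateKey) {
            return ((ECPrivateKey) priv).getParams();
        }
        if (certPub instanceof ECKey) {          // ECPublicKey extends ECKey
            return ((ECKey) certPub).getParams();
        }
        return null;                             // group unknown to the caller
    }

    // Constructed stand-in for a token-resident key: algorithm "EC", but it
    // does not implement ECPrivateKey and exposes no encoding.
    static PrivateKey opaque() {
        return new PrivateKey() {
            public String getAlgorithm() { return "EC"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        PrivateKey token = opaque();

        try {
            ((ECPrivateKey) token).getParams();  // the unchecked cast
        } catch (ClassCastException e) {
            System.out.println("unchecked cast fails on opaque key");
        }
        // Both lookups should describe the same curve.
        ECParameterSpec viaCert = ecParamsOf(token, kp.getPublic());
        ECParameterSpec viaKey = ecParamsOf(kp.getPrivate(), kp.getPublic());
        System.out.println("same field size: "
            + (viaCert.getCurve().getField().getFieldSize()
               == viaKey.getCurve().getField().getFieldSize()));
    }
}
```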
