A couple of comments/questions so far (not done reviewing):
- Please change all instances of "Restric" to "Restrict" (proper
spelling) in the bug summary and names of tests, etc.
- It looks like you have enhanced jdk.tls.disabledAlgorithms to allow
you to restrict named groups. I think that would make this an RFE, which
will require a CSR and special approval to get into JDK 13. Do you
really need this to implement the fix? If not, I would separate that
part out and target it to JDK 14. Also, why haven't you updated the
definition of jdk.tls.disabledAlgorithms to include named groups?
Thanks,
Sean
On 7/7/19 11:00 PM, Xuelei Fan wrote:
ping ...
On 6/28/2019 1:41 PM, Xuelei Fan wrote:
Hi,
Could I get the following update reviewed?
http://cr.openjdk.java.net/~xuelei/8226374/webrev.00/
During handshaking, the selection of signature algorithms was not
checked with the algorithm constraints. Then the available signature
algorithms may be ignored if a restricted algorithm gets selected. The
connection should be able to be established as there are available
algorithms.
Within this update, more algorithm constraint checks are introduced
in the signature algorithms and named groups code.
The significant changes are in NamedGroup.java and
SignatureScheme.java, in order to introduce the checking and algorithm
parameters and specs.
Thanks,
Xuelei