changeset 52151:af6fb2cb82ae

8211866: TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms Reviewed-by: xuelei
author jnimeh
date Tue, 16 Oct 2018 11:24:41 -0700
parents f586d225bd0b
children bfdf2926cebc
files src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java
diffstat 2 files changed, 10 insertions(+), 14 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java	Tue Oct 16 17:43:30 2018 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java	Tue Oct 16 11:24:41 2018 -0700
@@ -243,18 +243,16 @@
             }
 
             // Produce the extension.
-            if (shc.localSupportedSignAlgs == null) {
-                shc.localSupportedSignAlgs =
+            List<SignatureScheme> sigAlgs =
                     SignatureScheme.getSupportedAlgorithms(
-                            shc.algorithmConstraints, shc.activeProtocols);
-            }
+                            shc.algorithmConstraints,
+                            List.of(shc.negotiatedProtocol));
 
-            int vectorLen = SignatureScheme.sizeInRecord() *
-                    shc.localSupportedSignAlgs.size();
+            int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();
             byte[] extData = new byte[vectorLen + 2];
             ByteBuffer m = ByteBuffer.wrap(extData);
             Record.putInt16(m, vectorLen);
-            for (SignatureScheme ss : shc.localSupportedSignAlgs) {
+            for (SignatureScheme ss : sigAlgs) {
                 Record.putInt16(m, ss.id);
             }
 
--- a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java	Tue Oct 16 17:43:30 2018 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java	Tue Oct 16 11:24:41 2018 -0700
@@ -410,18 +410,16 @@
             }
 
             // Produce the extension.
-            if (shc.localSupportedSignAlgs == null) {
-                shc.localSupportedSignAlgs =
+            List<SignatureScheme> sigAlgs =
                     SignatureScheme.getSupportedAlgorithms(
-                            shc.algorithmConstraints, shc.activeProtocols);
-            }
+                            shc.algorithmConstraints,
+                            List.of(shc.negotiatedProtocol));
 
-            int vectorLen = SignatureScheme.sizeInRecord() *
-                    shc.localSupportedSignAlgs.size();
+            int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();
             byte[] extData = new byte[vectorLen + 2];
             ByteBuffer m = ByteBuffer.wrap(extData);
             Record.putInt16(m, vectorLen);
-            for (SignatureScheme ss : shc.localSupportedSignAlgs) {
+            for (SignatureScheme ss : sigAlgs) {
                 Record.putInt16(m, ss.id);
             }