Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8212738

Incorrectly named signature scheme ecdsa_secp512r1_sha512

    Details

    • Subcomponent:
    • Resolved In Build:
      b18
    • Verification:
      Not verified

      Backports

        Description

        "signature_algorithms (13)": {
              "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
        }

        According to RFC 8446 section 4.2.3 Signature Algorithms [1], the signature scheme name "ecdsa_secp512r1_sha512" should be "ecdsa_secp521r1_sha512". Exactly, the curve is secp521r1, but not secp512r1.
        In fact, the code [2] uses named group secp521r1 correctly, but the scheme name is wrong.

        [1] https://tools.ietf.org/html/rfc8446#section-4.2.3
        [2] http://hg.openjdk.java.net/jdk/jdk/file/cf3fafc740bb/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#l66

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  xuelei Xue-Lei Fan
                  Reporter:
                  jjiang John Jiang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: