Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8212738

Incorrectly named signature scheme ecdsa_secp512r1_sha512

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b18
    • Verification:
      Not verified

      Description

      "signature_algorithms (13)": {
            "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
      }

      According to RFC 8446 section 4.2.3 Signature Algorithms [1], the signature scheme name "ecdsa_secp512r1_sha512" should be "ecdsa_secp521r1_sha512". Exactly, the curve is secp521r1, but not secp512r1.
      In fact, the code [2] uses named group secp521r1 correctly, but the scheme name is wrong.

      [1] https://tools.ietf.org/html/rfc8446#section-4.2.3
      [2] http://hg.openjdk.java.net/jdk/jdk/file/cf3fafc740bb/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java#l66

        Attachments

          Activity

            People

            • Assignee:
              xuelei Xue-Lei Fan
              Reporter:
              jjiang John Jiang
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: