Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8236470

Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId

    Details

      Backports

        Description

        Some certificates use ecdsa-with-SHA2 as the signature algorithm and specify the hash algorithm in parameters. For example, SHA384withECDSA is

        0238:001A [1] SEQUENCE
        023A:0009 [10] OID 1.2.840.10045.4.3 (ecdsaWithSpecified)
        0243:000F [11] SEQUENCE
        0245:000B [110] OID 2.16.840.1.101.3.4.2.2 (sha-384)
        0250:0002 [111] NULL

        The parameters here is treated as an EC parameter (normally used to specify a named curve) and an exception will be thrown.

        An earlier draft of ECDSA at https://tools.ietf.org/html/draft-ietf-pkix-sha2-dsa-ecdsa-04#section-3.2.3 mentioned it with "Conforming CA implementations MUST NOT specify the ecdsa-with-Specified OID when encoding certificates and CRLs" and suggested "conforming client implementations MAY recognize" it, but even this line was removed in the final version at https://tools.ietf.org/html/rfc5758 and this OID is never documented anywhere.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  weijun Weijun Wang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: