--- a/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java Wed Nov 06 19:37:52 2019 +0300
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java Wed Nov 06 09:45:04 2019 -0800
@@ -38,7 +38,7 @@
import java.security.SignatureException;
import java.text.MessageFormat;
import java.util.Locale;
-import sun.security.ssl.NamedGroup.NamedGroupSpec;
+import java.util.Map;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Credentials;
@@ -135,27 +135,22 @@
shc.negotiatedProtocol.useTLS12PlusSpec();
Signature signer = null;
if (useExplicitSigAlgorithm) {
- signatureScheme = SignatureScheme.getPreferableAlgorithm(
- shc.algorithmConstraints,
- shc.peerRequestedSignatureSchemes,
- x509Possession,
- shc.negotiatedProtocol);
- if (signatureScheme == null) {
+ Map.Entry<SignatureScheme, Signature> schemeAndSigner =
+ SignatureScheme.getSignerOfPreferableAlgorithm(
+ shc.algorithmConstraints,
+ shc.peerRequestedSignatureSchemes,
+ x509Possession,
+ shc.negotiatedProtocol);
+ if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
- "No preferred signature algorithm for " +
+ "No supported signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
- }
- try {
- signer = signatureScheme.getSignature(
- x509Possession.popPrivateKey);
- } catch (NoSuchAlgorithmException | InvalidKeyException |
- InvalidAlgorithmParameterException nsae) {
- throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
- "Unsupported signature algorithm: " +
- signatureScheme.name, nsae);
+ } else {
+ signatureScheme = schemeAndSigner.getKey();
+ signer = schemeAndSigner.getValue();
}
} else {
signatureScheme = null;
@@ -276,7 +271,7 @@
Signature signer;
if (useExplicitSigAlgorithm) {
try {
- signer = signatureScheme.getSignature(
+ signer = signatureScheme.getVerifier(
x509Credentials.popPublicKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {