# HG changeset patch # User apetcher # Date 1535482004 14400 # Node ID bda6e40cd2f4795dbb211ee39aa6d638a7533bee # Parent d6feac8fbdff43117902c874686a9d79242f82f3 giving up on signature problem diff -r d6feac8fbdff -r bda6e40cd2f4 src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java --- a/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java Mon Aug 20 14:43:21 2018 -0400 +++ b/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java Tue Aug 28 14:46:44 2018 -0400 @@ -121,4 +121,4 @@ "Could not generate secret").initCause(gse); } } -} \ No newline at end of file +} diff -r d6feac8fbdff -r bda6e40cd2f4 src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java --- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Mon Aug 20 14:43:21 2018 -0400 +++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Tue Aug 28 14:46:44 2018 -0400 @@ -841,7 +841,7 @@ } // check whether the group is supported by the underlying providers - public static boolean isAvailableGroup(NamedGroup namedGroup) { + private static boolean isAvailableGroup(NamedGroup namedGroup) { Optional ngfOpt = namedGroup.getFunctions(); if (ngfOpt.isEmpty()) { @@ -849,7 +849,6 @@ } NamedGroupFunctions ngf = ngfOpt.get(); return ngf.isAvailable(); - } static ECGenParameterSpec getECGenParamSpec(NamedGroup namedGroup) { diff -r d6feac8fbdff -r bda6e40cd2f4 src/java.base/share/classes/sun/security/ssl/X509Authentication.java --- a/src/java.base/share/classes/sun/security/ssl/X509Authentication.java Mon Aug 20 14:43:21 2018 -0400 +++ b/src/java.base/share/classes/sun/security/ssl/X509Authentication.java Tue Aug 28 14:46:44 2018 -0400 @@ -285,12 +285,15 @@ } // For ECC certs, check whether we support the EC domain - // parameters. + // parameters. If the client sent a SupportedEllipticCurves + // ClientHello extension, check against that too. ECParameterSpec params = ((ECPublicKey)serverPublicKey).getParams(); NamedGroup namedGroup = NamedGroup.valueOf(params); if ((namedGroup == null) || - (!SupportedGroups.isAvailableGroup(namedGroup))) { + (!SupportedGroups.isSupported(namedGroup)) || + ((shc.clientRequestedNamedGroups != null) && + !shc.clientRequestedNamedGroups.contains(namedGroup))) { if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { SSLLogger.warning( diff -r d6feac8fbdff -r bda6e40cd2f4 test/jdk/sun/security/ec/xec/TestXECOps.java --- a/test/jdk/sun/security/ec/xec/TestXECOps.java Mon Aug 20 14:43:21 2018 -0400 +++ b/test/jdk/sun/security/ec/xec/TestXECOps.java Tue Aug 28 14:46:44 2018 -0400 @@ -25,12 +25,13 @@ * @test * @bug 8171277 * @summary Test XEC curve operations - * @modules jdk.crypto.ec/sun.security.ec + * @modules java.base/sun.security.util jdk.crypto.ec/sun.security.ec * @library /test/lib * @build jdk.test.lib.Convert * @run main TestXECOps */ +import sun.security.util.*; import sun.security.ec.*; import java.util.*; import jdk.test.lib.Convert; diff -r d6feac8fbdff -r bda6e40cd2f4 test/jdk/sun/security/ec/xec/XECIterative.java --- a/test/jdk/sun/security/ec/xec/XECIterative.java Mon Aug 20 14:43:21 2018 -0400 +++ b/test/jdk/sun/security/ec/xec/XECIterative.java Tue Aug 28 14:46:44 2018 -0400 @@ -27,7 +27,7 @@ * @summary XEC curve operations iterative test vectors * @library /test/lib * @build jdk.test.lib.Convert - * @modules jdk.crypto.ec/sun.security.ec + * @modules java.base/sun.security.util jdk.crypto.ec/sun.security.ec * @run main XECIterative 0 10000 * @run main XECIterative 10000 20000 * @run main XECIterative 20000 30000 @@ -40,6 +40,7 @@ * @run main XECIterative 90000 100000 */ +import sun.security.util.*; import sun.security.ec.*; import java.io.*;