8211866: TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms
Reviewed-by: xuelei
--- a/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java Tue Oct 16 17:43:30 2018 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java Tue Oct 16 11:24:41 2018 -0700
@@ -243,18 +243,16 @@
}
// Produce the extension.
- if (shc.localSupportedSignAlgs == null) {
- shc.localSupportedSignAlgs =
+ List<SignatureScheme> sigAlgs =
SignatureScheme.getSupportedAlgorithms(
- shc.algorithmConstraints, shc.activeProtocols);
- }
+ shc.algorithmConstraints,
+ List.of(shc.negotiatedProtocol));
- int vectorLen = SignatureScheme.sizeInRecord() *
- shc.localSupportedSignAlgs.size();
+ int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();
byte[] extData = new byte[vectorLen + 2];
ByteBuffer m = ByteBuffer.wrap(extData);
Record.putInt16(m, vectorLen);
- for (SignatureScheme ss : shc.localSupportedSignAlgs) {
+ for (SignatureScheme ss : sigAlgs) {
Record.putInt16(m, ss.id);
}
--- a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Tue Oct 16 17:43:30 2018 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Tue Oct 16 11:24:41 2018 -0700
@@ -410,18 +410,16 @@
}
// Produce the extension.
- if (shc.localSupportedSignAlgs == null) {
- shc.localSupportedSignAlgs =
+ List<SignatureScheme> sigAlgs =
SignatureScheme.getSupportedAlgorithms(
- shc.algorithmConstraints, shc.activeProtocols);
- }
+ shc.algorithmConstraints,
+ List.of(shc.negotiatedProtocol));
- int vectorLen = SignatureScheme.sizeInRecord() *
- shc.localSupportedSignAlgs.size();
+ int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();
byte[] extData = new byte[vectorLen + 2];
ByteBuffer m = ByteBuffer.wrap(extData);
Record.putInt16(m, vectorLen);
- for (SignatureScheme ss : shc.localSupportedSignAlgs) {
+ for (SignatureScheme ss : sigAlgs) {
Record.putInt16(m, ss.id);
}