--- a/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java Mon Aug 20 14:43:21 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java Tue Aug 28 14:46:44 2018 -0400
@@ -121,4 +121,4 @@
"Could not generate secret").initCause(gse);
}
}
-}
\ No newline at end of file
+}
--- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Mon Aug 20 14:43:21 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Tue Aug 28 14:46:44 2018 -0400
@@ -841,7 +841,7 @@
}
// check whether the group is supported by the underlying providers
- public static boolean isAvailableGroup(NamedGroup namedGroup) {
+ private static boolean isAvailableGroup(NamedGroup namedGroup) {
Optional<NamedGroupFunctions> ngfOpt = namedGroup.getFunctions();
if (ngfOpt.isEmpty()) {
@@ -849,7 +849,6 @@
}
NamedGroupFunctions ngf = ngfOpt.get();
return ngf.isAvailable();
-
}
static ECGenParameterSpec getECGenParamSpec(NamedGroup namedGroup) {
--- a/src/java.base/share/classes/sun/security/ssl/X509Authentication.java Mon Aug 20 14:43:21 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/X509Authentication.java Tue Aug 28 14:46:44 2018 -0400
@@ -285,12 +285,15 @@
}
// For ECC certs, check whether we support the EC domain
- // parameters.
+ // parameters. If the client sent a SupportedEllipticCurves
+ // ClientHello extension, check against that too.
ECParameterSpec params =
((ECPublicKey)serverPublicKey).getParams();
NamedGroup namedGroup = NamedGroup.valueOf(params);
if ((namedGroup == null) ||
- (!SupportedGroups.isAvailableGroup(namedGroup))) {
+ (!SupportedGroups.isSupported(namedGroup)) ||
+ ((shc.clientRequestedNamedGroups != null) &&
+ !shc.clientRequestedNamedGroups.contains(namedGroup))) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
--- a/test/jdk/sun/security/ec/xec/TestXECOps.java Mon Aug 20 14:43:21 2018 -0400
+++ b/test/jdk/sun/security/ec/xec/TestXECOps.java Tue Aug 28 14:46:44 2018 -0400
@@ -25,12 +25,13 @@
* @test
* @bug 8171277
* @summary Test XEC curve operations
- * @modules jdk.crypto.ec/sun.security.ec
+ * @modules java.base/sun.security.util jdk.crypto.ec/sun.security.ec
* @library /test/lib
* @build jdk.test.lib.Convert
* @run main TestXECOps
*/
+import sun.security.util.*;
import sun.security.ec.*;
import java.util.*;
import jdk.test.lib.Convert;
--- a/test/jdk/sun/security/ec/xec/XECIterative.java Mon Aug 20 14:43:21 2018 -0400
+++ b/test/jdk/sun/security/ec/xec/XECIterative.java Tue Aug 28 14:46:44 2018 -0400
@@ -27,7 +27,7 @@
* @summary XEC curve operations iterative test vectors
* @library /test/lib
* @build jdk.test.lib.Convert
- * @modules jdk.crypto.ec/sun.security.ec
+ * @modules java.base/sun.security.util jdk.crypto.ec/sun.security.ec
* @run main XECIterative 0 10000
* @run main XECIterative 10000 20000
* @run main XECIterative 20000 30000
@@ -40,6 +40,7 @@
* @run main XECIterative 90000 100000
*/
+import sun.security.util.*;
import sun.security.ec.*;
import java.io.*;