jdk/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java
rev 5679 : 7192392: Better validation of client keys
Summary: Also reviewed by Andrew Gross<Andrew.Gross@Oracle.COM>
Reviewed-by: vinnie
*** 36,46 ****
import java.util.TreeMap;
import java.util.Collection;
import java.util.Collections;
import java.util.ArrayList;
! import sun.security.util.KeyLength;
/**
* Signature and hash algorithm.
*
* [RFC5246] The client uses the "signature_algorithms" extension to
--- 36,46 ----
import java.util.TreeMap;
import java.util.Collection;
import java.util.Collections;
import java.util.ArrayList;
! import sun.security.util.KeyUtil;
/**
* Signature and hash algorithm.
*
* [RFC5246] The client uses the "signature_algorithms" extension to
*** 277,287 ****
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
! int keySize = KeyLength.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
--- 277,287 ----
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
! int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
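Review bot: The size chain that follows `int keySize = KeyUtil.getKeySize(signingKey);` has no visible branch for a non-positive result, and the comment above it only covers known key sizes. If `getKeySize` signals an undeterminable size with a value <= 0 (the `keySize > 0` test suggests it can), the digest limit for that key is whatever `maxDigestLength` held before the chain, which this hunk does not show. I would state that explicitly, e.g. `// keySize <= 0: size unknown, maxDigestLength keeps its prior value`, so a reader can tell the fall-through is deliberate. The `keySize < 768` and `keySize < 512` upper bounds are also redundant after the preceding branches. The if chain continues past the end of the hunk.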