| |
@@ -1,96 +1,112 @@
|
| |
- diff --git a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
| |
- --- openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
| |
- +++ openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
| |
- @@ -180,72 +180,6 @@
|
| |
- // Elliptic Curves (RFC 4492)
|
| |
- //
|
| |
- // See sun.security.util.CurveDB for the OIDs
|
| |
- - // NIST K-163
|
| |
- - SECT163_K1 (0x0001, "sect163k1", "1.3.132.0.1", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECT163_R1 (0x0002, "sect163r1", "1.3.132.0.2", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST B-163
|
| |
- - SECT163_R2 (0x0003, "sect163r2", "1.3.132.0.15", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECT193_R1 (0x0004, "sect193r1", "1.3.132.0.24", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECT193_R2 (0x0005, "sect193r2", "1.3.132.0.25", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST K-233
|
| |
- - SECT233_K1 (0x0006, "sect233k1", "1.3.132.0.26", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST B-233
|
| |
- - SECT233_R1 (0x0007, "sect233r1", "1.3.132.0.27", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECT239_K1 (0x0008, "sect239k1", "1.3.132.0.3", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST K-283
|
| |
- - SECT283_K1 (0x0009, "sect283k1", "1.3.132.0.16", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST B-283
|
| |
- - SECT283_R1 (0x000A, "sect283r1", "1.3.132.0.17", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST K-409
|
| |
- - SECT409_K1 (0x000B, "sect409k1", "1.3.132.0.36", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST B-409
|
| |
- - SECT409_R1 (0x000C, "sect409r1", "1.3.132.0.37", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST K-571
|
| |
- - SECT571_K1 (0x000D, "sect571k1", "1.3.132.0.38", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST B-571
|
| |
- - SECT571_R1 (0x000E, "sect571r1", "1.3.132.0.39", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECP160_K1 (0x000F, "secp160k1", "1.3.132.0.9", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECP160_R1 (0x0010, "secp160r1", "1.3.132.0.8", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECP160_R2 (0x0011, "secp160r2", "1.3.132.0.30", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECP192_K1 (0x0012, "secp192k1", "1.3.132.0.31", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- -
|
| |
- - // NIST P-192
|
| |
- - SECP192_R1 (0x0013, "secp192r1", "1.2.840.10045.3.1.1", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECP224_K1 (0x0014, "secp224k1", "1.3.132.0.32", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - // NIST P-224
|
| |
- - SECP224_R1 (0x0015, "secp224r1", "1.3.132.0.33", true,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
- - SECP256_K1 (0x0016, "secp256k1", "1.3.132.0.10", false,
|
| |
- - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ diff -r b7f68ddec66f src/java.base/share/classes/sun/security/ssl/NamedGroup.java
|
| |
+ --- a/src/java.base/share/classes/sun/security/ssl/NamedGroup.java Tue Jun 25 10:50:59 2019 +0100
|
| |
+ +++ b/src/java.base/share/classes/sun/security/ssl/NamedGroup.java Wed Jul 03 16:36:37 2019 +0200
|
| |
+ @@ -50,97 +50,6 @@
|
| |
+ // Elliptic Curves (RFC 4492)
|
| |
+ //
|
| |
+ // See sun.security.util.CurveDB for the OIDs
|
| |
+ - // NIST K-163
|
| |
+ -
|
| |
+ - SECT163_K1(0x0001, "sect163k1", "1.3.132.0.1",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECT163_R1(0x0002, "sect163r1", "1.3.132.0.2",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST B-163
|
| |
+ - SECT163_R2(0x0003, "sect163r2", "1.3.132.0.15",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECT193_R1(0x0004, "sect193r1", "1.3.132.0.24",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECT193_R2(0x0005, "sect193r2", "1.3.132.0.25",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST K-233
|
| |
+ - SECT233_K1(0x0006, "sect233k1", "1.3.132.0.26",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST B-233
|
| |
+ - SECT233_R1(0x0007, "sect233r1", "1.3.132.0.27",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECT239_K1(0x0008, "sect239k1", "1.3.132.0.3",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST K-283
|
| |
+ - SECT283_K1(0x0009, "sect283k1", "1.3.132.0.16",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST B-283
|
| |
+ - SECT283_R1(0x000A, "sect283r1", "1.3.132.0.17",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST K-409
|
| |
+ - SECT409_K1(0x000B, "sect409k1", "1.3.132.0.36",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST B-409
|
| |
+ - SECT409_R1(0x000C, "sect409r1", "1.3.132.0.37",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST K-571
|
| |
+ - SECT571_K1(0x000D, "sect571k1", "1.3.132.0.38",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST B-571
|
| |
+ - SECT571_R1(0x000E, "sect571r1", "1.3.132.0.39",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECP160_K1(0x000F, "secp160k1", "1.3.132.0.9",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECP160_R1(0x0010, "secp160r1", "1.3.132.0.8",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECP160_R2(0x0011, "secp160r2", "1.3.132.0.30",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECP192_K1(0x0012, "secp192k1", "1.3.132.0.31",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST P-192
|
| |
+ - SECP192_R1(0x0013, "secp192r1", "1.2.840.10045.3.1.1",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECP224_K1(0x0014, "secp224k1", "1.3.132.0.32",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ - // NIST P-224
|
| |
+ - SECP224_R1(0x0015, "secp224r1", "1.3.132.0.33",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ - SECP256_K1(0x0016, "secp256k1", "1.3.132.0.10",
|
| |
+ - NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ - ProtocolVersion.PROTOCOLS_TO_12),
|
| |
+ -
|
| |
+ // NIST P-256
|
| |
+ SECP256_R1(0x0017, "secp256r1", "1.2.840.10045.3.1.7",
|
| |
+ NamedGroupType.NAMED_GROUP_ECDHE,
|
| |
+ diff -r b7f68ddec66f src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
|
| |
+ --- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Tue Jun 25 10:50:59 2019 +0100
|
| |
+ +++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Wed Jul 03 16:36:37 2019 +0200
|
| |
+ @@ -214,17 +214,6 @@
|
| |
+ // Secondary XDH curves
|
| |
+ NamedGroup.X448,
|
| |
|
| |
- // NIST P-256
|
| |
- SECP256_R1 (0x0017, "secp256r1", "1.2.840.10045.3.1.7", true,
|
| |
- @@ -116,12 +116,6 @@
|
| |
- NamedGroup.SECP256_R1,
|
| |
- NamedGroup.SECP384_R1,
|
| |
- NamedGroup.SECP521_R1,
|
| |
- - NamedGroup.SECT283_K1,
|
| |
- - NamedGroup.SECT283_R1,
|
| |
- - NamedGroup.SECT409_K1,
|
| |
- - NamedGroup.SECT409_R1,
|
| |
- - NamedGroup.SECT571_K1,
|
| |
- - NamedGroup.SECT571_R1,
|
| |
-
|
| |
- // FFDHE 2048
|
| |
- NamedGroup.FFDHE_2048,
|
| |
- @@ -136,15 +130,6 @@
|
| |
- NamedGroup.SECP256_R1,
|
| |
- NamedGroup.SECP384_R1,
|
| |
- NamedGroup.SECP521_R1,
|
| |
+ - // Secondary NIST curves
|
| |
- NamedGroup.SECT283_K1,
|
| |
- NamedGroup.SECT283_R1,
|
| |
- NamedGroup.SECT409_K1,
|
| |
@@ -100,12 +116,13 @@
|
| |
-
|
| |
- // non-NIST curves
|
| |
- NamedGroup.SECP256_K1,
|
| |
-
|
| |
- // FFDHE 2048
|
| |
+ -
|
| |
+ // FFDHE (RFC 7919)
|
| |
NamedGroup.FFDHE_2048,
|
| |
- diff --git a/src/java.base/share/classes/sun/security/util/CurveDB.java b/src/java.base/share/classes/sun/security/util/CurveDB.java
|
| |
- --- openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
|
| |
- +++ openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
|
| |
+ NamedGroup.FFDHE_3072,
|
| |
+ diff -r b7f68ddec66f src/java.base/share/classes/sun/security/util/CurveDB.java
|
| |
+ --- a/src/java.base/share/classes/sun/security/util/CurveDB.java Tue Jun 25 10:50:59 2019 +0100
|
| |
+ +++ b/src/java.base/share/classes/sun/security/util/CurveDB.java Wed Jul 03 16:36:37 2019 +0200
|
| |
@@ -168,114 +168,6 @@
|
| |
Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
|
| |
|
| |
@@ -657,12 +674,12 @@
|
| |
specCollection = Collections.unmodifiableCollection(oidMap.values());
|
| |
}
|
| |
}
|
| |
- diff --git a/test/jdk/sun/security/ec/TestEC.java b/test/jdk/sun/security/ec/TestEC.java
|
| |
- --- openjdk/test/jdk/sun/security/ec/TestEC.java
|
| |
- +++ openjdk/test/jdk/sun/security/ec/TestEC.java
|
| |
- @@ -35,8 +35,8 @@
|
| |
- * @library ../pkcs11/sslecc
|
| |
+ diff -r b7f68ddec66f test/jdk/sun/security/ec/TestEC.java
|
| |
+ --- a/test/jdk/sun/security/ec/TestEC.java Tue Jun 25 10:50:59 2019 +0100
|
| |
+ +++ b/test/jdk/sun/security/ec/TestEC.java Wed Jul 03 16:36:37 2019 +0200
|
| |
+ @@ -37,8 +37,8 @@
|
| |
* @library ../../../java/security/testlibrary
|
| |
+ * @library ../../../javax/net/ssl/TLSCommon
|
| |
* @modules jdk.crypto.cryptoki/sun.security.pkcs11.wrapper
|
| |
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
|
| |
- * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
|
| |
@@ -671,11 +688,11 @@
|
| |
*/
|
| |
|
| |
import java.security.NoSuchProviderException;
|
| |
- diff -r bd66ea2fdde3 test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
|
| |
- --- openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jul 27 18:04:48 2017 +0000
|
| |
- +++ openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Fri Oct 06 13:18:47 2017 +0200
|
| |
+ diff -r b7f68ddec66f test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
|
| |
+ --- a/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue Jun 25 10:50:59 2019 +0100
|
| |
+ +++ b/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Wed Jul 03 16:36:37 2019 +0200
|
| |
@@ -34,9 +34,9 @@
|
| |
- * @library ..
|
| |
+ * @library /test/lib .. ../../../../javax/net/ssl/TLSCommon
|
| |
* @library ../../../../java/security/testlibrary
|
| |
* @modules jdk.crypto.cryptoki
|
| |
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
|
| |
@@ -685,3 +702,4 @@
|
| |
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
|
| |
* ClientJSSEServerJSSE sm policy
|
| |
*/
|
| |
+
|
| |
Adapted patches, spec and uploaded new sources