8245686: Ed25519 and Ed448 present in handshake messages

Reviewed-by: jnimeh, xuelei, wetmore
2020-06-09 18:27:59 -07:00 · 2020-06-09 18:27:59 -07:00 · ee452946fc
commit ee452946fc
parent b6a9f3015a
1 changed files with 12 additions and 1 deletions
--- a/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
+++ b/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -274,6 +274,17 @@ enum SignatureScheme {
                Arrays.asList(handshakeSupportedProtocols);

        boolean mediator = true;
+
+        // Disable EdDSA algorithms for TLS.  Remove this when support is added.
+        if (id == 0x0807 || id == 0x0808) {
+            mediator = false;
+            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
+                SSLLogger.warning(
+                    "Signature algorithm, " + algorithm +
+                        ", not supported by JSSE");
+            }
+        }
+
        // An EC provider, for example the SunEC provider, may support
        // AlgorithmParameters but not KeyPairGenerator or Signature.
        //