Skip to content

Commit

Permalink
TKSS-602: No need to set SM2SignatureParameterSpec for sm2sig_sm3 on …
Browse files Browse the repository at this point in the history 
…pre-TLS 1.3
  • Loading branch information
@johnshajiang
johnshajiang committed Dec 18, 2023
1 parent 3721fe1 commit 030c97b
Showing 1 changed file with 6 additions and 10 deletions.
16 changes: 6 additions & 10 deletions kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SignatureScheme.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -602,14 +602,10 @@ Signature getVerifier(PublicKey publicKey, boolean isTLS13)

Signature verifier = CryptoInsts.getSignature(algorithm);

// sm2sig_sm3 always needs SM2SignatureParameterSpec containing public key.
// And for TLS 1.3, the spec has to set "TLSv1.3+GM+Cipher+Suite" as ID.
if (this == SM2SIG_SM3) {
SM2SignatureParameterSpec paramSpec = isTLS13
? new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
(ECPublicKey) publicKey)
: new SM2SignatureParameterSpec((ECPublicKey) publicKey);
verifier.setParameter(paramSpec);
// sm2sig_sm3 uses "TLSv1.3+GM+Cipher+Suite" as ID for TLS 1.3.
if (this == SM2SIG_SM3 && isTLS13) {
verifier.setParameter(new SM2SignatureParameterSpec(
Utilities.TLS13_SM_ID, (ECPublicKey) publicKey));
}

SignatureUtil.initVerifyWithParam(verifier, publicKey,
Expand All @@ -636,8 +632,8 @@ Signature getSigner(PrivateKey privateKey, PublicKey publicKey, boolean isTLS13)
try {
Signature signer = CryptoInsts.getSignature(algorithm);

// sm2sig_sm3 always needs SM2SignatureParameterSpec containing public key.
// And for TLS 1.3, the spec has to set "TLSv1.3+GM+Cipher+Suite" as ID.
// sm2sig_sm3 always needs public key for signing.
// And it uses "TLSv1.3+GM+Cipher+Suite" as ID for TLS 1.3.
if (this == SM2SIG_SM3) {
SM2SignatureParameterSpec paramSpec = isTLS13
? new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
Expand Down

0 comments on commit 030c97b

Please sign in to comment.