commit 1a7f7511d9a9ffc252e0b32f80d3a4f5dd6e893d
author robm <none@none> Thu Jan 21 19:21:34 2016 +0000
committer robm <none@none> Thu Jan 21 19:21:34 2016 +0000
tree 586883653c270830bc517bc72883153a111dd924
parent 8d71ddd66aa7ddd5f55a9f5dc554dfb9c21e0273

8064330: Remove SHA224 from the default support list if SunMSCAPI enabled
Reviewed-by: xuelei

src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java

diff --git a/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java b/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java
index bb50eb8..cb5c0ff 100644
--- a/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java
+++ b/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java
@@ -28,6 +28,7 @@
 import java.security.AlgorithmConstraints;
 import java.security.CryptoPrimitive;
 import java.security.PrivateKey;
+import java.security.Security;
 
 import java.util.Set;
 import java.util.HashSet;
@@ -413,10 +414,14 @@
                     "SHA1withRSA",          --p);
             supports(HashAlgorithm.SHA1,        SignatureAlgorithm.ECDSA,
                     "SHA1withECDSA",        --p);
-            supports(HashAlgorithm.SHA224,      SignatureAlgorithm.RSA,
-                    "SHA224withRSA",        --p);
-            supports(HashAlgorithm.SHA224,      SignatureAlgorithm.ECDSA,
-                    "SHA224withECDSA",      --p);
+
+            if (Security.getProvider("SunMSCAPI") == null) {
+                supports(HashAlgorithm.SHA224,      SignatureAlgorithm.RSA,
+                        "SHA224withRSA",        --p);
+                supports(HashAlgorithm.SHA224,      SignatureAlgorithm.ECDSA,
+                        "SHA224withECDSA",      --p);
+            }
+
             supports(HashAlgorithm.SHA256,      SignatureAlgorithm.RSA,
                     "SHA256withRSA",        --p);
             supports(HashAlgorithm.SHA256,      SignatureAlgorithm.ECDSA,