From 0af2b8a39428c058345c26ace1a62e301b682d2f Mon Sep 17 00:00:00 2001
From: robm <unknown>
Date: Fri, 12 Jan 2018 22:16:44 +0000
Subject: [PATCH] 8186032: Disable XML Signatures signed with EC keys less than
 224 bits Reviewed-by: mullan

---
 src/share/lib/security/java.security-aix     | 1 +
 src/share/lib/security/java.security-linux   | 1 +
 src/share/lib/security/java.security-macosx  | 1 +
 src/share/lib/security/java.security-solaris | 1 +
 src/share/lib/security/java.security-windows | 1 +
 5 files changed, 5 insertions(+)

diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix
index 7a9166192..7dcfad4db 100644
--- a/src/share/lib/security/java.security-aix
+++ b/src/share/lib/security/java.security-aix
@@ -846,6 +846,7 @@ jdk.xml.dsig.secureValidationPolicy=\
     disallowReferenceUriSchemes file http https,\
     minKeySize RSA 1024,\
     minKeySize DSA 1024,\
+    minKeySize EC 224,\
     noDuplicateIds,\
     noRetrievalMethodLoops
 
diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux
index 7ef6f20f9..5eef57579 100644
--- a/src/share/lib/security/java.security-linux
+++ b/src/share/lib/security/java.security-linux
@@ -847,6 +847,7 @@ jdk.xml.dsig.secureValidationPolicy=\
     disallowReferenceUriSchemes file http https,\
     minKeySize RSA 1024,\
     minKeySize DSA 1024,\
+    minKeySize EC 224,\
     noDuplicateIds,\
     noRetrievalMethodLoops
 
diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx
index 98a7c86ac..835fa6489 100644
--- a/src/share/lib/security/java.security-macosx
+++ b/src/share/lib/security/java.security-macosx
@@ -850,6 +850,7 @@ jdk.xml.dsig.secureValidationPolicy=\
     disallowReferenceUriSchemes file http https,\
     minKeySize RSA 1024,\
     minKeySize DSA 1024,\
+    minKeySize EC 224,\
     noDuplicateIds,\
     noRetrievalMethodLoops
 
diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris
index 33257f770..31014e781 100644
--- a/src/share/lib/security/java.security-solaris
+++ b/src/share/lib/security/java.security-solaris
@@ -849,6 +849,7 @@ jdk.xml.dsig.secureValidationPolicy=\
     disallowReferenceUriSchemes file http https,\
     minKeySize RSA 1024,\
     minKeySize DSA 1024,\
+    minKeySize EC 224,\
     noDuplicateIds,\
     noRetrievalMethodLoops
 
diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows
index 4e1ce3083..27d9fb23c 100644
--- a/src/share/lib/security/java.security-windows
+++ b/src/share/lib/security/java.security-windows
@@ -850,6 +850,7 @@ jdk.xml.dsig.secureValidationPolicy=\
     disallowReferenceUriSchemes file http https,\
     minKeySize RSA 1024,\
     minKeySize DSA 1024,\
+    minKeySize EC 224,\
     noDuplicateIds,\
     noRetrievalMethodLoops
 
-- 
GitLab