[11u] RFR: 8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
Valerie Peng
valerie.peng at oracle.com
Fri Jul 12 00:51:25 UTC 2019
To expedite the review, I looked at the manual changes. The changes look
fine.
Thanks,
Valerie
On 7/11/2019 4:33 PM, Valerie Peng wrote:
> I will take a look.
>
> Thanks,
> Valerie
> On 7/11/2019 2:11 PM, Langer, Christoph wrote:
>> Ping...
>>
>> Can somebody please have a look at this backport? Regression testing
>> shows no problems...
>>
>> Thanks
>> Christoph
>>
>> From: Langer, Christoph
>> Sent: Donnerstag, 4. Juli 2019 15:11
>> To: jdk-updates-dev at openjdk.java.net
>> Cc: security-dev <security-dev at openjdk.java.net>
>> Subject: [11u] RFR: 8216039: TLS with BC and RSASSA-PSS breaks
>> ECDHServerKeyExchange
>>
>> Hi,
>>
>> please help reviewing the backport of JDK-8216039 to jdk11u-dev.
>>
>> Since predecessor patch JDK-8211122 could not be applied to JDK 11
>> updates, some manual work is necessary.
>>
>> In src/java.base/share/classes/java/security/Signature.java and
>> src/java.base/share/classes/sun/security/util/SignatureUtil.java the
>> imports of jdk.internal.access have to be changed into
>> jdk.internal.misc. The update that originally went to
>> src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
>> obviously needs to be applied to
>> src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java. The
>> new file
>> src/java.base/share/classes/jdk/internal/access/JavaSecuritySignatureAccess.java
>> needs to be
>> src/java.base/share/classes/jdk/internal/misc/JavaSecuritySignatureAccess.java
>> in 11u.
>>
>> See the full webrev here:
>> http://cr.openjdk.java.net/~clanger/webrevs/8216039.11u.full.0/
>> The webrev for manual changes only:
>> http://cr.openjdk.java.net/~clanger/webrevs/8216039.11u.manual.0/
>> Original Bug: https://bugs.openjdk.java.net/browse/JDK-8216039
>>
>> Thanks
>> Christoph
>>
More information about the jdk-updates-dev
mailing list