[11u] RFR: 8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange

Langer, Christoph christoph.langer at sap.com
Fri Jul 12 11:47:35 UTC 2019 

Thank you, Paul and Valerie for the reviews.

@Valerie: I'll take a look whether https://bugs.openjdk.java.net/browse/JDK-8225745 can/should be backported and if yes, take care of the backport ��

> -----Original Message-----
> From: Hohensee, Paul <hohensee at amazon.com>
> Sent: Freitag, 12. Juli 2019 01:44
> To: Langer, Christoph <christoph.langer at sap.com>; jdk-updates-
> dev at openjdk.java.net
> Cc: security-dev <security-dev at openjdk.java.net>
> Subject: Re: [11u] RFR: 8216039: TLS with BC and RSASSA-PSS breaks
> ECDHServerKeyExchange
> 
> Looks good.
> 
> Paul
> 
> On 7/11/19, 2:14 PM, "jdk-updates-dev on behalf of Langer, Christoph" <jdk-
> updates-dev-bounces at openjdk.java.net on behalf of
> christoph.langer at sap.com> wrote:
> 
>     Ping...
> 
>     Can somebody please have a look at this backport? Regression testing
> shows no problems...
> 
>     Thanks
>     Christoph
> 
>     From: Langer, Christoph
>     Sent: Donnerstag, 4. Juli 2019 15:11
>     To: jdk-updates-dev at openjdk.java.net
>     Cc: security-dev <security-dev at openjdk.java.net>
>     Subject: [11u] RFR: 8216039: TLS with BC and RSASSA-PSS breaks
> ECDHServerKeyExchange
> 
>     Hi,
> 
>     please help reviewing the backport of JDK-8216039 to jdk11u-dev.
> 
>     Since predecessor patch JDK-8211122 could not be applied to JDK 11
> updates, some manual work is necessary.
> 
>     In src/java.base/share/classes/java/security/Signature.java and
> src/java.base/share/classes/sun/security/util/SignatureUtil.java the imports
> of jdk.internal.access have to be changed into jdk.internal.misc. The update
> that originally went to
> src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
> obviously needs to be applied to
> src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java. The new
> file
> src/java.base/share/classes/jdk/internal/access/JavaSecuritySignatureAcces
> s.java needs to be
> src/java.base/share/classes/jdk/internal/misc/JavaSecuritySignatureAccess.j
> ava in 11u.
> 
>     See the full webrev here:
> http://cr.openjdk.java.net/~clanger/webrevs/8216039.11u.full.0/
>     The webrev for manual changes only:
> http://cr.openjdk.java.net/~clanger/webrevs/8216039.11u.manual.0/
>     Original Bug: https://bugs.openjdk.java.net/browse/JDK-8216039
> 
>     Thanks
>     Christoph
> 
>

More information about the jdk-updates-dev mailing list