[8u] TLSv1.3 RFR: 8245470: Fix JDK8 compatibility issues

Martin Balao mbalao at redhat.com
Fri May 29 18:41:16 UTC 2020 

On 5/21/20 10:33 AM, Alexey Bakhtin wrote:
> Please review changes required to backport TLSv1.3 protocol from JDK11.0.7 to JDK8u
> 

Hi,

A few questions and comments below:

 * I found several compilation errors. Isn't Step 3 supposed to be the
one that makes the code compile in JDK-8? In case it's not, I wish you
could clarify what are the expectations for Step 3 and where are will
these errors be addressed.

 * HandshakeContext.java

Why is casting needed in JDK-8 and not needed in JDK-11? (I was going to
check this myself compiling but found several compilation errors, and I
do not realize of the difference looking at the ByteBuffer API only). I
guess this question applies to SSLCipher.java, SSLSocketInputRecord.java
and SSLEngineInputRecord.java too.

 * HandshakeHash.java

This does not look good to me because we are loosing functionality that
was available in JDK-8 and is available in JDK-11. In particular, for
P11 sensitive keys we cannot extract the key bytes in plain (keyBytes
will be null indeed), but we can still use PKCS#11 primitives to get the
key digest [1]. In JDK-8, this was available here [2] [3]. Have you
considered using the JDK-11 MessageDigestSpi2 + Delegate approach?
Shouldn't involve any new public API [4].

 * JsseJce.java

Have you considered backporting SecurityConstants.java part of 8130181
[5] and use PROVIDER_VER in JsseJce.java

* SSLLogger.java

Can't we leverage on PlatformLogger values directly? For each value,
there should be a corresponding one. In case there is a good reason why
not, we might want to think of moving the code to a more reusable place.

 * RandomCookie.java / RenegoInfoExtension.java

Have you analyzed the performance implication of not having vectorized /
intrinsics for the comparison?

 * SSLSessionContextImpl.java

Can't we use GetPropertyAction::privilegedGetProperty?

 * X509TrustManagerImpl.java

Why is this change needed?

Thanks,
Martin.-

--
[1] -
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/c0dd958bb895/src/share/classes/sun/security/pkcs11/P11Digest.java#l236
[2] -
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/c0dd958bb895/src/share/classes/sun/security/ssl/HandshakeMessage.java#l1738
[3] -
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/c0dd958bb895/src/share/classes/sun/security/ssl/HandshakeMessage.java#l1784
[4] - https://bugs.openjdk.java.net/browse/JDK-8165275
[5] - http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/6c96af8a34b2#l12.1

More information about the jdk8u-dev mailing list