[13] RFR JDK-8216039 "TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange"

Valerie Peng valerie.peng at oracle.com
Fri Apr 5 23:17:53 UTC 2019


Ping, anyone has spare cycle?

Thanks,
Valerie
On 3/25/2019 1:58 PM, Valerie Peng wrote:
>
> Based on the earlier internal discussion, here is a "backportable" fix 
> for JDK-8216039 "TLS with BC and RSASSA-PSS breaks 
> ECDHServerKeyExchange" which does not bear any public API change. 
> Existing JDK code which uses PSS signature with parameters will call 
> the new internal JDK APIs which select the provider based on both key 
> and parameters. There is no provider-specific checking and it 
> accommodates the usage of the BouncyCastle FIPS provider for TLS and 
> other applications.
>
> Default implementations of the new methods are provided, so existing 
> JDK crypto providers should continue to work without change. The 
> default impl also sets the parameters before calling init() to avoid 
> triggering the known PSS behavior/issue in the BC FIPS provider which leads 
> to signature interoperability issues.
>
> As for making the JDK internal APIs public, I plan to file a separate 
> bug (and CCC) later if this approach is acceptable.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8216039
> Webrev: http://cr.openjdk.java.net/~valeriep/8216039/webrev.00/
>
> Mach5 result is clean.
>
> Thanks,
>
> Valerie
>
>
>
>
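As an added example (my code, not the webrev's), a user-level version of the ordering the quoted message describes: try each installed provider that registers RSASSA-PSS, set the PSSParameterSpec before initSign(), and keep the first provider that accepts both the key and the parameters. It assumes JDK 11 or later; the class and method names are my own.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Optional;

public final class PssProviderSelect {

    static final String ALG = "RSASSA-PSS";

    // Return a Signature from the first provider that accepts BOTH the key and
    // the PSS parameters. Parameters are set before init(), the same order the
    // fix's default implementation uses, so a provider that rejects
    // setParameter() after init() is still usable.
    static Optional<Signature> selectSigner(PrivateKey key, PSSParameterSpec spec) {
        for (Provider p : Security.getProviders("Signature." + ALG)) {
            try {
                Signature s = Signature.getInstance(ALG, p);
                s.setParameter(spec);   // parameters first ...
                s.initSign(key);        // ... then init with the key
                return Optional.of(s);
            } catch (GeneralSecurityException | RuntimeException e) {
                // this provider rejects the key or the parameters; try the next
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(ALG);
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // SHA-256 / MGF1(SHA-256) / 32-byte salt, as commonly used for TLS 1.3
        PSSParameterSpec spec = new PSSParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, 32, PSSParameterSpec.TRAILER_FIELD_BC);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        Signature signer = selectSigner(kp.getPrivate(), spec)
                .orElseThrow(() -> new NoSuchAlgorithmException("no provider accepts key+params"));
        signer.update(msg);
        byte[] sig = signer.sign();

        // Verify with the same provider and the same parameter ordering.
        Signature verifier = Signature.getInstance(ALG, signer.getProvider());
        verifier.setParameter(spec);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("provider=" + signer.getProvider().getName()
                + " verified=" + verifier.verify(sig));
    }
}
```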
