[13] RFR JDK-8216039 "TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange"
Valerie Peng
valerie.peng at oracle.com
Fri Apr 5 23:17:53 UTC 2019
Ping, does anyone have spare cycles?
Thanks,
Valerie
On 3/25/2019 1:58 PM, Valerie Peng wrote:
>
> Based on the earlier internal discussion, here is a "backportable" fix
> for JDK-8216039 "TLS with BC and RSASSA-PSS breaks
> ECDHServerKeyExchange" which does not bear any public API change.
> Existing JDK code which uses PSS signatures with parameters will call
> the new internal JDK APIs, which select the provider based on both key
> and parameters. There is no provider-specific checking, and it
> accommodates the usage of the BouncyCastle FIPS provider for TLS and
> other applications.
>
> Default implementations of the new methods are provided, so existing
> JDK crypto providers should continue to work without change. The
> default impl also sets the parameters before calling init() to avoid
> triggering the known PSS behavior/issue in the BC FIPS provider which
> leads to signature interoperability issues.
>
> As for making the JDK internal APIs public, I plan to file a separate
> bug (and CCC) later if this approach is acceptable.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8216039
> Webrev: http://cr.openjdk.java.net/~valeriep/8216039/webrev.00/
>
> Mach5 result is clean.
>
> Thanks,
>
> Valerie
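The ordering the message describes (PSS parameters applied to the Signature object before init(), and provider selection driven by whether a provider accepts both the key and the parameters) can be shown with the public JCA API alone. The following is an added illustration, not code from the webrev or from the JDK's internal APIs: it assumes a JDK 11 or later runtime with the standard SunRsaSign provider, uses Security.getProviders("Signature.RSASSA-PSS") as a stand-in for the internal "select by key and parameters" lookup, and signs a constructed sample message with explicit SHA-256 PSS parameters. The class and method names are the example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssSelectDemo {

    // Explicit PSS parameters: SHA-256 digest, MGF1 with SHA-256,
    // 32-byte salt, trailer field 1 (the usual rsa_pss_*_sha256 choice).
    static final PSSParameterSpec PSS_SHA256 =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    /**
     * Illustrative stand-in (assumption, not the JDK's internal API) for a
     * "select provider by key AND parameters" lookup. Walks every installed
     * provider that registers Signature.RSASSA-PSS and returns the first one
     * whose Signature object accepts both the parameters and the key.
     * Parameters are applied before initSign(), the order the message recommends.
     */
    static Signature selectSigner(PrivateKey key, PSSParameterSpec params)
            throws NoSuchAlgorithmException {
        Provider[] candidates = Security.getProviders("Signature.RSASSA-PSS");
        if (candidates == null) {
            throw new NoSuchAlgorithmException("no installed provider supports RSASSA-PSS");
        }
        for (Provider p : candidates) {
            try {
                Signature sig = Signature.getInstance("RSASSA-PSS", p);
                sig.setParameter(params);   // parameters first ...
                sig.initSign(key);          // ... then init
                return sig;
            } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                // This provider cannot serve this key/parameter combination; try the next one.
            }
        }
        throw new NoSuchAlgorithmException(
                "no provider accepts this key with PSS/" + params.getDigestAlgorithm());
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature sig = selectSigner(key, PSS_SHA256);
        sig.update(data);
        return sig.sign();
    }

    // The verifier mirrors the same ordering: parameters, then initVerify().
    static boolean verify(PublicKey key, byte[] data, byte[] signature)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("RSASSA-PSS");
        sig.setParameter(PSS_SHA256);
        sig.initVerify(key);
        sig.update(data);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Plain RSA key; RSASSA-PSS signatures in SunRsaSign accept it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample input standing in for a signed handshake transcript.
        byte[] msg = "ECDHServerKeyExchange transcript (constructed sample)"
                .getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp.getPrivate(), msg);
        System.out.println("signature length:  " + sig.length + " bytes");
        System.out.println("verifies:          " + verify(kp.getPublic(), msg, sig));

        // A single flipped bit in the data must fail verification.
        byte[] tampered = msg.clone();
        tampered[0] ^= 1;
        System.out.println("tampered verifies: " + verify(kp.getPublic(), tampered, sig));
    }
}
```

The point of the loop in selectSigner() is that it never inspects provider names: a provider rules itself out by throwing InvalidAlgorithmParameterException (it cannot take these parameters) or InvalidKeyException (it cannot take this key), which is the behavior-based selection the message describes as avoiding provider-specific checks.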