[13] RFR JDK-8216039 "TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange"
Valerie Peng
valerie.peng at oracle.com
Mon Mar 25 20:58:23 UTC 2019
Based on the earlier internal discussion, here is a "backportable" fix
for JDK-8216039 "TLS with BC and RSASSA-PSS breaks
ECDHServerKeyExchange" which does not bear any public API change.
Existing JDK code which uses PSS signatures with parameters will call
the new internal JDK APIs which select the provider based on both key
and parameters. There is no provider-specific checking and it
accommodates the usage of the BouncyCastle FIPS provider for TLS and
other applications.
Default implementations of the new methods are provided, so existing JDK
crypto providers should continue to work without change. The default
impl also sets the parameters before calling init() to avoid triggering the
known PSS behavior/issue in the BC FIPS provider which leads to signature
interoperability issues.
As for making the JDK internal APIs public, I plan to file a separate
bug (and CCC) later if this approach is acceptable.
Bug: https://bugs.openjdk.java.net/browse/JDK-8216039
Webrev: http://cr.openjdk.java.net/~valeriep/8216039/webrev.00/
Mach5 result is clean.
Thanks,
Valerie
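As an added illustration of the approach described in the mail (not code from the webrev or the JDK), the hypothetical helper `selectPssSigner` below walks the installed providers that register `Signature.RSASSA-PSS`, sets the PSS parameters before `init()`, and keeps the first provider that accepts both the key and the parameters; a provider that rejects either is skipped rather than failing the handshake. The key, message and parameter values are constructed for the example.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssProviderSelect {
    /**
     * Hypothetical helper (not the JDK's internal API): choose the first
     * installed provider whose RSASSA-PSS Signature accepts both the given
     * key and the given PSS parameters. Parameters are set before init(),
     * the ordering the mail describes for the default implementation.
     */
    static Signature selectPssSigner(PrivateKey key, PSSParameterSpec spec)
            throws GeneralSecurityException {
        Provider[] candidates = Security.getProviders("Signature.RSASSA-PSS");
        if (candidates == null) {
            throw new NoSuchAlgorithmException("no provider registers RSASSA-PSS");
        }
        for (Provider p : candidates) {
            try {
                Signature sig = Signature.getInstance("RSASSA-PSS", p);
                sig.setParameter(spec); // parameters first ...
                sig.initSign(key);      // ... then the key; either call may reject
                return sig;
            } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                // this provider cannot handle the key/parameter pair; try the next one
            }
        }
        throw new NoSuchAlgorithmException("no provider accepts this key and PSS parameters");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed parameters: SHA-256 with MGF1/SHA-256 and a 32-byte salt
        PSSParameterSpec spec = new PSSParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, 32, PSSParameterSpec.TRAILER_FIELD_BC);
        byte[] msg = "constructed sample message".getBytes("UTF-8");

        Signature signer = selectPssSigner(kp.getPrivate(), spec);
        signer.update(msg);
        byte[] sigBytes = signer.sign();

        // Verify with the same provider and the same parameters, in the same order
        Signature verifier = Signature.getInstance("RSASSA-PSS", signer.getProvider());
        verifier.setParameter(spec);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("provider=" + signer.getProvider().getName()
                + " verified=" + verifier.verify(sigBytes));
    }
}
```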