RFR[8u41]: MR 3 - ALPN & RSASSA-PSS in Java SE 8

Andrew John Hughes gnu.andrew at redhat.com
Tue Nov 19 01:28:23 UTC 2019



On 14/11/2019 02:05, Bradford Wetmore wrote:
> Xuelei/Valerie (+ any other codereviewers),
> 
> As announced on jdk8u-dev[1], there is a Maintenance Release in progress
> for Java SE 8 (i.e. JSR 337) [2] to include two security features
> important for TLS 1.3:
> 
> 1.  Application-Layer Protocol Negotiation (ALPN) [3][4]
> 2.  RSA Signature Scheme with Appendix: Probabilistic Signature Scheme
> (RSASSA-PSS) [5][6]
> 
> The Enhancement and CSR IDs are footnoted above/below.
> 
> To ensure compatibility across the active Java releases, we are
> backporting the APIs introduced in Java SE 9 and 11 respectively to Java
> SE 8.
> 
> This email is a Request For Review (RFR) of the two major pieces for
> this MR:
> 
> 1.  ALPN:
>     http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/ALPN
> 
> 2.  RSASSA-PSS:
>     http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/PSS
> 
> This includes the updates to the Specification and Reference
> Implementation (RI), which will be called JDK 8u41 [7].
> 
> Almost all of these changes are direct copies of the changesets applied
> in JDK 9+.
> 
> In addition to these features:
> 
> 1.  The file ADDITIONAL_LICENSE_INFO was added, which is identical to
> the same file in later releases.
> 
> 2.  Truncated MessageDigests (i.e. SHA-512/224, SHA-512/256) were added
> to the SUN Provider to support the corresponding truncated RSASSA-PSS
> Signatures.
> 
> Thanks,
> 
> Brad
> 
> [1]
> https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html
> [2] https://www.jcp.org/en/jsr/detail?id=337
> [3] https://bugs.openjdk.java.net/browse/JDK-8230977
> [4] https://bugs.openjdk.java.net/browse/JDK-8233417
> [5] https://bugs.openjdk.java.net/browse/JDK-8230978
> [6] https://bugs.openjdk.java.net/browse/JDK-8233418
> [7] http://hg.openjdk.java.net/jdk8u/jdk8u41/
> 

It's not clear which bug IDs these two webrevs apply to.

Note that changes for OpenJDK 8u require approval using the
jdk8u-fix-request label, as described at
https://wiki.openjdk.java.net/display/jdk8u/Main.

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew
