RFR[8u41]: MR 3 - ALPN & RSASSA-PSS in Java SE 8

Bradford Wetmore bradford.wetmore at oracle.com
Wed Nov 20 23:48:00 UTC 2019


Hi Andrew,

There are two phases for the MR:

1.  We must show the API/changes are implementable by providing a 
Reference Implementation (RI) and corresponding TCK tests.  These 
codereviews are for the RI.

2.  From Iris' email [1]:

     If it's not too much work then we'll also contribute the changes
     required by the MR to the next appropriate OpenJDK 8 release, most
     likely 8u252...

If we can contribute these changes to OpenJDK, we will use the 
jdk8u-fix-request label at that time.

 >>
 >> [4] https://bugs.openjdk.java.net/browse/JDK-8233417

 >> [6] https://bugs.openjdk.java.net/browse/JDK-8233418
 >> [7] http://hg.openjdk.java.net/jdk8u/jdk8u41/
 >>
 >
 > It's not clear which bug IDs these two webrevs apply to.

ALPN:  https://bugs.openjdk.java.net/browse/JDK-8230977
PSS:   https://bugs.openjdk.java.net/browse/JDK-8230978

Thanks,

Brad

[1] 
https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html



On 11/18/2019 5:28 PM, Andrew John Hughes wrote:
> 
> 
> On 14/11/2019 02:05, Bradford Wetmore wrote:
>> Xuelei/Valerie (+ any other codereviewers),
>>
>> As announced on jdk8u-dev[1], there is a Maintenance Release in progress
>> for Java SE 8 (i.e. JSR 337) [2] to include two security features
>> important for TLS 1.3:
>>
>> 1.  Application-Layer Protocol Negotiation (ALPN) [3][4]
>> 2.  RSA Signature Scheme with Appendix: Probabilistic Signature Scheme
>> (RSASSA-PSS) [5][6]
>>
>> The Enhancement and CSR IDs are footnoted above/below.
>>
>> To ensure compatibility across the active Java releases, we are
>> backporting the APIs introduced in Java SE 9 and 11 respectively to Java
>> SE 8.
>>
>> This email is a Request For Review (RFR) of the two major pieces for
>> this MR:
>>
>> 1.  ALPN:
>>      http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/ALPN
>>
>> 2.  RSASSA-PSS:
>>      http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u41/open/PSS
>>
>> This includes the updates to the Specification and Reference
>> Implementation (RI), which will be called JDK 8u41 [7].
>>
>> Almost all of these changes are direct copies of the changesets applied
>> in JDK 9+.
>>
>> In addition to these features:
>>
>> 1.  The file ADDITIONAL_LICENSE_INFO was added, which is identical to
>> the same file in later releases.
>>
>> 2.  Truncated MessageDigests (i.e. SHA-512/224, SHA-512/256) were added
>> to the SUN Provider to support the corresponding truncated RSASSA-PSS
>> Signatures.
>>
>> Thanks,
>>
>> Brad
>>
>> [1]
>> https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html
>> [2] https://www.jcp.org/en/jsr/detail?id=337
>> [3] https://bugs.openjdk.java.net/browse/JDK-8230977
>> [4] https://bugs.openjdk.java.net/browse/JDK-8233417
>> [5] https://bugs.openjdk.java.net/browse/JDK-8230978
>> [6] https://bugs.openjdk.java.net/browse/JDK-8233418
>> [7] http://hg.openjdk.java.net/jdk8u/jdk8u41/
>>
> 
> It's not clear which bug IDs these two webrevs apply to.
> 
> Note that changes for OpenJDK 8u require approval using the
> jdk8u-fix-request label, as described at
> https://wiki.openjdk.java.net/display/jdk8u/Main.
> 
> Thanks,
> 



More information about the security-dev mailing list