[16] RFR JDK-8172366: Support SHA-3 based signatures

Jamil Nimeh jamil.j.nimeh at oracle.com
Tue Aug 18 20:30:18 UTC 2020


 From just a quick skimming across a few FIPS specs, it looks like DSA 
with SHA-3 seems worth including.  FIPS 202 is designed to supplement 
the hash algs in 180-4, and Section 2.3 of 186-4 indicates that SHAx(M) 
is intended for those algs specified in 180 (and I assume by extension 
202).  Since there are OIDs in the NIST arc for dsa-with-sha3-nnn it 
seems like all the pieces have specification support.  Seems like a good 
thing to do.

--Jamil

On 8/18/2020 1:11 PM, Valerie Peng wrote:
>
> Can someone help review this SHA-3 based signature support? Note that 
> changes to SunPKCS11 provider will be covered by a separate RFE 
> (JDK-8244154). Current webrev adds SHA-3 digest support to DSA, RSA, 
> ECDSA signature algorithms. I am a bit on the fence for the DSA 
> signature and am including it here mostly for completeness sake. Can 
> remove it if that's preferred. Comments?
>
> Will file a CSR for this once we reached consensus on whether to add 
> SHA-3 support to DSA signature.
>
> RFE: https://bugs.openjdk.java.net/browse/JDK-8172366
>
> Webrev: http://cr.openjdk.java.net/~valeriep/8172366/webrev.00/
>
> Thanks,
> Valerie



More information about the security-dev mailing list