[16] RFR JDK-8172366: Support SHA-3 based signatures

Valerie Peng valerie.peng at oracle.com
Tue Aug 18 21:45:01 UTC 2020


Thanks for the feedback~

Valerie

On 8/18/2020 1:30 PM, Jamil Nimeh wrote:
> From just a quick skimming across a few FIPS specs, it looks like DSA 
> with SHA-3 seems worth including.  FIPS 202 is designed to supplement 
> the hash algs in 180-4, and Section 2.3 of 186-4 indicates that 
> SHAx(M) is intended for those algs specified in 180 (and I assume by 
> extension 202).  Since there are OIDs in the NIST arc for 
> dsa-with-sha3-nnn it seems like all the pieces have specification 
> support.  Seems like a good thing to do.
>
> --Jamil
>
> On 8/18/2020 1:11 PM, Valerie Peng wrote:
>>
>> Can someone help review this SHA-3 based signature support? Note that 
>> changes to SunPKCS11 provider will be covered by a separate RFE 
>> (JDK-8244154). Current webrev adds SHA-3 digest support to DSA, RSA, 
>> ECDSA signature algorithms. I am a bit on the fence for the DSA 
>> signature and am including it here mostly for completeness sake. Can 
>> remove it if that's preferred. Comments?
>>
>> Will file a CSR for this once we reached consensus on whether to add 
>> SHA-3 support to DSA signature.
>>
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8172366
>>
>> Webrev: http://cr.openjdk.java.net/~valeriep/8172366/webrev.00/
>>
>> Thanks,
>> Valerie


More information about the security-dev mailing list