[16] RFR JDK-8172366: Support SHA-3 based signatures
Valerie Peng
valerie.peng at oracle.com
Tue Aug 18 21:45:01 UTC 2020
Thanks for the feedback~
Valerie
On 8/18/2020 1:30 PM, Jamil Nimeh wrote:
> From just a quick skimming across a few FIPS specs, it looks like DSA
> with SHA-3 seems worth including. FIPS 202 is designed to supplement
> the hash algs in 180-4, and Section 2.3 of 186-4 indicates that
> SHAx(M) is intended for those algs specified in 180 (and I assume by
> extension 202). Since there are OIDs in the NIST arc for
> dsa-with-sha3-nnn it seems like all the pieces have specification
> support. Seems like a good thing to do.
>
> --Jamil
>
> On 8/18/2020 1:11 PM, Valerie Peng wrote:
>>
>> Can someone help review this SHA-3 based signature support? Note that
>> changes to SunPKCS11 provider will be covered by a separate RFE
>> (JDK-8244154). Current webrev adds SHA-3 digest support to DSA, RSA,
>> ECDSA signature algorithms. I am a bit on the fence for the DSA
>> signature and am including it here mostly for completeness sake. Can
>> remove it if that's preferred. Comments?
>>
>> Will file a CSR for this once we reached consensus on whether to add
>> SHA-3 support to DSA signature.
>>
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8172366
>>
>> Webrev: http://cr.openjdk.java.net/~valeriep/8172366/webrev.00/
>>
>> Thanks,
>> Valerie
More information about the security-dev
mailing list