Integrated: 8242332: Add SHA3 support to SunPKCS11 provider

Valerie Peng valeriep at openjdk.java.net
Sat Dec 5 23:50:13 UTC 2020


On Tue, 1 Dec 2020 21:51:41 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> Could someone please help review this RFE? SunPKCS11 provider is updated with SHA-3 support, including MessageDigest, Hmac Mac, DSA/RSA/RSASSA-PSS/ECDSA Signature, and Hmac KeyGenerator.
> 
> As SHA-3 can be used as drop-in replacement for SHA-2 which are already supported by SunPKCS11 provider, the changes for MessageDigest, Mac, and Signature are straightforward. P11KeyGenerator class is updated to support general Hmac key generation including SHA-3 and more. 
> 
> While testing against NSS 3.57, there are some unexpected NSS errors with CKM_ECDSA_SHA[224/256/384/512/3_224/3_256/3_384/3_512] and CKM_DSA_SHA[224/256/384/512/3_224/3_256/3_384/3_512], so I disabled those mechanisms in the NSS config file for regression tests. For ECDSA signatures, SunPKCS11 provider will fallback to CKM_ECDSA and do the digesting ourselves.
> 
> Thanks,
> Valerie

This pull request has now been integrated.

Changeset: 78be334c
Author:    Valerie Peng <valeriep at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/78be334c
Stats:     1502 lines in 25 files changed: 883 ins; 465 del; 154 mod

8242332: Add SHA3 support to SunPKCS11 provider

Reviewed-by: xuelei

-------------

PR: https://git.openjdk.java.net/jdk/pull/1546



More information about the security-dev mailing list