RFR[8u252] - MR3 - ALPN & RSASSA-PSS in Java SE 8

Andrew John Hughes gnu.andrew at redhat.com
Wed Jan 29 07:14:22 UTC 2020



On 28/01/2020 21:00, Bradford Wetmore wrote:
> Good morning/afternoon/evening/night,
> 
> As announced on jdk8u-dev[1], there is a Maintenance Release in progress
> for Java SE 8 (i.e. JSR 337) [2] to include two security features
> important for TLS 1.3:
> 
> 1.  Application-Layer Protocol Negotiation (ALPN) [3][4]
> 2.  RSA Signature Scheme with Appendix: Probabilistic Signature Scheme
> (RSASSA-PSS) [5][6]
> 
> As mentioned in [1], if it wasn't too much work then we would like to
> contribute the changes required by this MR to the next appropriate
> OpenJDK 8 release, most likely 8u252.
> 
> Now that the MR3 balloting successfully concluded last night, I'd like
> to make that happen, and move the code into review.
> 
> The code is essentially what was reviewed for 8u41[7][8] and internally
> for what we expect to be in Oracle's 8u251 JDK, except the code in this
> review is based on the current JDK 8u workspace.  We also included code
> to allow the Windows platform to use PSS natively.
> 
> The specific bugs/backports (requested by the JDK8u maintainers) follow:
> 
> ALPN:
> =====
> 8230977: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation
> Extension (Java SE 8)
> 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation
> Extension
> 8170282: Enable ALPN parameters to be supplied during the TLS handshake
> 8145849: ALPN: getHandshakeApplicationProtocol() always return null
> 8158978: ALPN not working when values are set directly on a SSLServerSocket
> 8171443: (spec) An ALPN callback function may also ignore ALPN
> 
> RSASSA-PSS:
> ===========
> 8230978: Add support for RSASSA-PSS Signature algorithm (Java SE 8)
> 8175029: StackOverflowError in X509CRL and
> X509Certificate.verify(PublicKey, Provider)
> 8146293: Add support for RSASSA-PSS Signature algorithm
> 8205445: Add RSASSA-PSS Signature support to SunMSCAPI
> 8205720: KeyFactory#getKeySpec and translateKey throws
> NullPointerException with Invalid key
> 8206171: Signature#getParameters for RSASSA-PSS throws ProviderException
> when not initialized
> 8213009: Refactoring existing SunMSCAPI classes
> 8213010: Supporting keys created with certmgr.exe
> 8214096: sun.security.util.SignatureUtil passes null parameter, so JCE
> validation fails
> 8215694: keytool cannot generate RSASSA-PSS certificates
> 8221407: Windows 32bit build error in libsunmscapi/security.cpp
> 8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
> 8223003: SunMSCAPI keys are not cleaned up
> 8223063: Support CNG RSA keys
> 8225745: NoSuchAlgorithmException exception for SHA256withECDSA with
> RSASSA-PSS support
> 8225180: SignedObject with invalid Key not throwing the
> InvalidKeyException in Windows
> 8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as
> AlgorithmId
> Reviewed-by: valeriep, weijun, coffeys, pkoppula
> 
> Here are the reviews:
> 
> 1.  ALPN:
>      http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u252/ALPN
> 
> 2.  RSASSA-PSS:
>      http://cr.openjdk.java.net/~wetmore/MR3-codereview-8u252/PSS
> 
> Most of these changes are direct copies of the changesets applied
> in JDK 9+, but adjusted for JDK 8u.
> 
> Also, truncated MessageDigests (i.e. SHA-512/224, SHA-512/256) were
> added to the SUN Provider to support the corresponding truncated
> RSASSA-PSS Signatures.
> 
> Thanks,
> 
> Brad
> 
> [1]
> https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html
> [2] https://www.jcp.org/en/jsr/detail?id=337
> [3] https://bugs.openjdk.java.net/browse/JDK-8230977
> [4] https://bugs.openjdk.java.net/browse/JDK-8233417
> [5] https://bugs.openjdk.java.net/browse/JDK-8230978
> [6] https://bugs.openjdk.java.net/browse/JDK-8233418
> [7]
> https://mail.openjdk.java.net/pipermail/security-dev/2019-November/020900.html
> 
> [8] http://hg.openjdk.java.net/jdk8u/jdk8u41/
> 
> 

Thanks for posting these. I'll look over them in detail tomorrow and
compare with the 9+ changesets listed. It would have been preferable to
handle each backport individually, but I appreciate that it's more
expedient to handle them in bulk when porting from 8u41.

Thanks again,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20200129/2adb4ec6/signature-0001.asc>


More information about the security-dev mailing list