[11u] RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms
Doerr, Martin
martin.doerr at sap.com
Fri Apr 30 16:34:08 UTC 2021
Hi,
JDK-8153005 is backported to 11.0.12-oracle. I'd like to backport it for parity.
It doesn't apply cleanly.
Bug:
https://bugs.openjdk.java.net/browse/JDK-8153005
CSR covering 11u:
https://bugs.openjdk.java.net/browse/JDK-8228481
Original change:
https://github.com/openjdk/jdk/commit/f77a6585
11u rejected hunks:
http://cr.openjdk.java.net/~mdoerr/8153005_PKCS12_11u/8153005_PKCS12_rej.txt
Resolution:
- Regular code is trivial to resolve, but the tests are tricky and the hunks were mostly integrated manually.
- Introduce test/lib/jdk/test/lib/KnownOIDs.java as copy from jdk head src/java.base/share/classes/sun/security/util/KnownOIDs.java with last change from Oct 2020. Put into package jdk.test.lib and using System.out as debug output stream. This should make future backports easier, too.
- DerUtils.java: ObjectIdentifier interface is diffent in 11u (different constructors).
- Hunks in GenerateAll.java were skipped because the affected code is not in 11u (JDK-8242068).
11u backport:
http://cr.openjdk.java.net/~mdoerr/8153005_PKCS12_11u/webrev.00/
Please review.
Best regards,
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210430/d9ea6a5a/attachment.htm>
More information about the security-dev
mailing list