8172366: Support SHA-3 based signatures

[valeriepeng]

Could someone please help review this RFE?

Enhance default JDK providers except SunPKCS11 with signatures using SHA-3 family of digests. SunPKCS11 provider will be updated separately (JDK-8242332).

This changes covers SUN, SunRsaSign, and SunEC providers. Changes are straightforward, just add SHA-3 digests to various signature algorithms.

Please review the corresponding CSR as well. It's at: https://bugs.openjdk.java.net/browse/JDK-8252260

Thanks!
Valerie

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change must be properly reviewed

Issue

• JDK-8172366: Support SHA-3 based signatures

Reviewers

• Xue-Lei Andrew Fan (@XueleiFan - Reviewer) ⚠️ Review applies to 62fb5a3

Download

$ git fetch https://git.openjdk.java.net/jdk pull/102/head:pull/102
$ git checkout pull/102

[bridgekeeper]

👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@valeriepeng The following labels will be automatically applied to this pull request: core-libs security.

When this pull request is ready to be reviewed, an RFR email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label (add|remove) "label" command.

[valeriepeng]

/issue add 8172366

[openjdk]

@valeriepeng This issue is referenced in the PR title - it will now be updated.

[valeriepeng]

/csr needed

[openjdk]

@valeriepeng this pull request will not be integrated until the CSR request JDK-8252260 for issue JDK-8172366 has been approved.

[mlbridge]

Webrevs

• 04: Full - Incremental (1274c9b)
• 03: Full - Incremental (62fb5a3)
• 02: Full - Incremental (5a61f44)
• 01: Full - Incremental (01086f3)
• 00: Full (1be073b)

[valeriepeng]

/label remove core-libs

[openjdk]

@valeriepeng
The core-libs label was successfully removed.

[XueleiFan]

Do you want to list the "inP1363Format" SHA3 algorithms in the "Java Security Standard Algorithm Names" documentation in this CSR?

[valeriepeng]

Do you want to list the "inP1363Format" SHA3 algorithms in the "Java Security Standard Algorithm Names" documentation in this CSR?

Yes, I will do that. Thanks~

[XueleiFan]

Looks good to me,

[openjdk]

@valeriepeng This change now passes all automated pre-integration checks. In addition to the automated checks, the change must also fulfill all project specific requirements

After integration, the commit message will be:

8172366: Support SHA-3 based signatures

Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

Reviewed-by: xuelei

• If you would like to add a summary, use the /summary command.
• To credit additional contributors, use the /contributor command.
• To add additional solved issues, use the /issue command.

Since the source branch of this PR was last updated there have been 193 commits pushed to the master branch:

• 46598c8: 8253177: outputStream not declared in markWord.hpp
• 5191f31: 8251495: Remove the implNote in the DOM package description added by JDK-8249643
• 65d6c10: 8252933: com.sun.tools.jdi.ObjectReferenceImpl#validateAssignment always requests referenceType
• 74851c5: 8253169: [BACKOUT] Improve large object handling during evacuation
• b5620a3: 8253155: Minor cleanups and Javadoc fixes for LdapDnsProvider of java.naming
• d219d8b: 8253002: Remove the unused SafePointNode::_oop_map field
• dafcf10: 8027545: Improve object array chunking test in G1's copy_to_survivor_space
• 7eb4d4a: 8247909: Improve PrimitiveConversions::cast using C++14
• fa30241: 8249676: [REDO] G1 incorrectly limiting young gen size when using the reserve can result in repeated full gcs
• 9ea43a9: 8253148: Fix terminology in align_down comment
• ... and 183 more: https://git.openjdk.java.net/jdk/compare/edf36d90c30b03e64d1b20c5213460ee760fed70...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid automatic rebasing, please merge master into your branch, and then specify the current head hash when integrating, like this: /integrate 46598c8644a5e300cd622c66336fd3e261d4b68a.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[XueleiFan]

Looks good.

[seanjmullan]

The new constants in MGF1ParameterSpec.java should have "@SInCE 16".

[valeriepeng]

/summary Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

[openjdk]

@valeriepeng Setting summary to Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

[valeriepeng]

/integrate

[openjdk]

@valeriepeng Since your change was applied there have been 193 commits pushed to the master branch:

• 46598c8: 8253177: outputStream not declared in markWord.hpp
• 5191f31: 8251495: Remove the implNote in the DOM package description added by JDK-8249643
• 65d6c10: 8252933: com.sun.tools.jdi.ObjectReferenceImpl#validateAssignment always requests referenceType
• 74851c5: 8253169: [BACKOUT] Improve large object handling during evacuation
• b5620a3: 8253155: Minor cleanups and Javadoc fixes for LdapDnsProvider of java.naming
• d219d8b: 8253002: Remove the unused SafePointNode::_oop_map field
• dafcf10: 8027545: Improve object array chunking test in G1's copy_to_survivor_space
• 7eb4d4a: 8247909: Improve PrimitiveConversions::cast using C++14
• fa30241: 8249676: [REDO] G1 incorrectly limiting young gen size when using the reserve can result in repeated full gcs
• 9ea43a9: 8253148: Fix terminology in align_down comment
• ... and 183 more: https://git.openjdk.java.net/jdk/compare/edf36d90c30b03e64d1b20c5213460ee760fed70...master

Your commit was automatically rebased without conflicts.

Pushed as commit 4020682.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

[valeriepeng]

The new constants in MGF1ParameterSpec.java should have "@SInCE 16".

Yes, made the change in last commit.