Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8172366: Support SHA-3 based signatures #102

Closed
wants to merge 5 commits into from

Conversation

valeriepeng
Copy link

@valeriepeng valeriepeng commented Sep 10, 2020

Could someone please help review this RFE?

Enhance default JDK providers except SunPKCS11 with signatures using SHA-3 family of digests. SunPKCS11 provider will be updated separately (JDK-8242332).

This changes covers SUN, SunRsaSign, and SunEC providers. Changes are straightforward, just add SHA-3 digests to various signature algorithms.

Please review the corresponding CSR as well. It's at: https://bugs.openjdk.java.net/browse/JDK-8252260

Thanks!
Valerie


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

Reviewers

Download

$ git fetch https://git.openjdk.java.net/jdk pull/102/head:pull/102
$ git checkout pull/102

Enhance default JDK providers except SunPKCS11 with signatures using SHA-3 family of digests
@bridgekeeper
Copy link

bridgekeeper bot commented Sep 10, 2020

👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Pull request is ready for review label Sep 10, 2020
@openjdk
Copy link

openjdk bot commented Sep 10, 2020

@valeriepeng The following labels will be automatically applied to this pull request: core-libs security.

When this pull request is ready to be reviewed, an RFR email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label (add|remove) "label" command.

@openjdk openjdk bot added security security-dev@openjdk.org core-libs core-libs-dev@openjdk.org labels Sep 10, 2020
@valeriepeng
Copy link
Author

/issue add 8172366

@openjdk
Copy link

openjdk bot commented Sep 10, 2020

@valeriepeng This issue is referenced in the PR title - it will now be updated.

@valeriepeng
Copy link
Author

/csr needed

@openjdk openjdk bot added the csr Pull request needs approved CSR before integration label Sep 10, 2020
@openjdk
Copy link

openjdk bot commented Sep 10, 2020

@valeriepeng this pull request will not be integrated until the CSR request JDK-8252260 for issue JDK-8172366 has been approved.

@mlbridge
Copy link

mlbridge bot commented Sep 10, 2020

Webrevs

@valeriepeng
Copy link
Author

/label remove core-libs

@openjdk openjdk bot removed the core-libs core-libs-dev@openjdk.org label Sep 10, 2020
@openjdk
Copy link

openjdk bot commented Sep 10, 2020

@valeriepeng
The core-libs label was successfully removed.

@XueleiFan
Copy link
Member

XueleiFan commented Sep 10, 2020

Do you want to list the "inP1363Format" SHA3 algorithms in the "Java Security Standard Algorithm Names" documentation in this CSR?

@valeriepeng
Copy link
Author

Do you want to list the "inP1363Format" SHA3 algorithms in the "Java Security Standard Algorithm Names" documentation in this CSR?

Yes, I will do that. Thanks~

Amended class javadoc with P1363 support and added javadoc for the new static classes.
@openjdk openjdk bot removed the rfr Pull request is ready for review label Sep 14, 2020
Updated the KnownOIDs lookup code inside validateSigParams to check for unsupported digest algorithms.
Changed checkKeyLength() to throw InvalidKeyException instead of SignatureException and adjusted caller code accordingly.
Removed the trailing white spaces in previous update.
@openjdk openjdk bot added the rfr Pull request is ready for review label Sep 15, 2020
Copy link
Member

@XueleiFan XueleiFan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me,

@openjdk
Copy link

openjdk bot commented Sep 15, 2020

@valeriepeng This change now passes all automated pre-integration checks. In addition to the automated checks, the change must also fulfill all project specific requirements

After integration, the commit message will be:

8172366: Support SHA-3 based signatures

Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

Reviewed-by: xuelei
  • If you would like to add a summary, use the /summary command.
  • To credit additional contributors, use the /contributor command.
  • To add additional solved issues, use the /issue command.

Since the source branch of this PR was last updated there have been 193 commits pushed to the master branch:

  • 46598c8: 8253177: outputStream not declared in markWord.hpp
  • 5191f31: 8251495: Remove the implNote in the DOM package description added by JDK-8249643
  • 65d6c10: 8252933: com.sun.tools.jdi.ObjectReferenceImpl#validateAssignment always requests referenceType
  • 74851c5: 8253169: [BACKOUT] Improve large object handling during evacuation
  • b5620a3: 8253155: Minor cleanups and Javadoc fixes for LdapDnsProvider of java.naming
  • d219d8b: 8253002: Remove the unused SafePointNode::_oop_map field
  • dafcf10: 8027545: Improve object array chunking test in G1's copy_to_survivor_space
  • 7eb4d4a: 8247909: Improve PrimitiveConversions::cast using C++14
  • fa30241: 8249676: [REDO] G1 incorrectly limiting young gen size when using the reserve can result in repeated full gcs
  • 9ea43a9: 8253148: Fix terminology in align_down comment
  • ... and 183 more: https://git.openjdk.java.net/jdk/compare/edf36d90c30b03e64d1b20c5213460ee760fed70...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid automatic rebasing, please merge master into your branch, and then specify the current head hash when integrating, like this: /integrate 46598c8644a5e300cd622c66336fd3e261d4b68a.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

Copy link
Member

@XueleiFan XueleiFan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@openjdk openjdk bot added ready Pull request is ready to be integrated and removed csr Pull request needs approved CSR before integration labels Sep 15, 2020
Copy link
Member

@seanjmullan seanjmullan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new constants in MGF1ParameterSpec.java should have "@SInCE 16".

@valeriepeng
Copy link
Author

/summary Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

@openjdk
Copy link

openjdk bot commented Sep 15, 2020

@valeriepeng Setting summary to Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

Added "@SInCE 16" to the new SHA-3 constants.
@valeriepeng
Copy link
Author

/integrate

@openjdk openjdk bot closed this Sep 15, 2020
@openjdk openjdk bot added integrated Pull request has been integrated and removed ready Pull request is ready to be integrated labels Sep 15, 2020
@openjdk
Copy link

openjdk bot commented Sep 15, 2020

@valeriepeng Since your change was applied there have been 193 commits pushed to the master branch:

  • 46598c8: 8253177: outputStream not declared in markWord.hpp
  • 5191f31: 8251495: Remove the implNote in the DOM package description added by JDK-8249643
  • 65d6c10: 8252933: com.sun.tools.jdi.ObjectReferenceImpl#validateAssignment always requests referenceType
  • 74851c5: 8253169: [BACKOUT] Improve large object handling during evacuation
  • b5620a3: 8253155: Minor cleanups and Javadoc fixes for LdapDnsProvider of java.naming
  • d219d8b: 8253002: Remove the unused SafePointNode::_oop_map field
  • dafcf10: 8027545: Improve object array chunking test in G1's copy_to_survivor_space
  • 7eb4d4a: 8247909: Improve PrimitiveConversions::cast using C++14
  • fa30241: 8249676: [REDO] G1 incorrectly limiting young gen size when using the reserve can result in repeated full gcs
  • 9ea43a9: 8253148: Fix terminology in align_down comment
  • ... and 183 more: https://git.openjdk.java.net/jdk/compare/edf36d90c30b03e64d1b20c5213460ee760fed70...master

Your commit was automatically rebased without conflicts.

Pushed as commit 4020682.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@openjdk openjdk bot removed the rfr Pull request is ready for review label Sep 15, 2020
@valeriepeng
Copy link
Author

The new constants in MGF1ParameterSpec.java should have "@SInCE 16".

Yes, made the change in last commit.

robehn added a commit to robehn/jdk that referenced this pull request Aug 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated Pull request has been integrated security security-dev@openjdk.org
3 participants