-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8274471: Add support for RSASSA-PSS in OCSP Response #1891
Conversation
…11u-dev into backport-8179503
👋 Welcome back apavlyutkin! A progress list of the required criteria for merging this PR into |
This backport pull request has now been updated with issue from the original commit. |
Webrevs
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not an expert in this area, but the backport looks good, including the addition of a big chunk of code in SignatureUtil.java from JDK-8242068, which latter is huge and would anyway require a spec change.
Actually I'm not sure about EdDSA related delta, it's does not seem necessary for RSASSA-PSS support, and moreover original patch does not have these changes openjdk/jdk@f63c4a8#diff-0393704a5343769f4ef9fa23b6fe9107d0ff96c17c078c30a05ef3be6c7d2304 but for some reason Git transfers them on |
If it works without the EdDSA code, then don't include the latter. |
The parent pull request that this pull request depends on has been closed without being integrated and the target branch of this pull request has been updated as the previous branch was deleted. This means that changes from the parent pull request will start to show up in this pull request. If closing the parent pull request was done in error, it will need to be re-opened and this pull request will need to manually be retargeted again. |
@apavlyutkin This change now passes all automated pre-integration checks. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 18 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@phohensee) but any other Committer may sponsor as well. ➡️ To flag this PR as ready for integration with the above commit message, type |
|
#1918 raised to replace this one |
Hi!
Here is backport of JDK-8274471 adding support of RSASSA-PSS signature to OCSP Response. Original patch applied with the following changes
src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
java.security.cert.TrustAnchor
andsun.security.validator.Validator
packages didn't removed cuz they are still in use;java.nio.charset.StandardCharsets.UTF_8
promotingUTF_8
constant;src/java.base/share/classes/sun/security/util/SignatureUtil.java
sun.security.x509.AlgorithmId
package;EdEC
related code droppedSignatureUtil.autoInitInternal()
method updated to useAlgorithmId.getDefaultAlgorithmParameterSpec()
instead of almost identicalSignatureUtil.getDefaultParamSpec()
src/java.base/share/classes/sun/security/x509/AlgorithmId.java
public byte[] getEncodedParams()
does not throw anymoretest/jdk/java/security/testlibrary/CertificateBuilder.java
test/jdk/java/security/testlibrary/SimpleOCSPServer.java
sun.security.util.SignatureUtil
packageVerification/regression (amd64/LTS 20.04):
jdk_security
including updated testsProgress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/1891/head:pull/1891
$ git checkout pull/1891
Update a local copy of the PR:
$ git checkout pull/1891
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/1891/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 1891
View PR using the GUI difftool:
$ git pr show -t 1891
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/1891.diff
Webrev
Link to Webrev Comment