-
Enhancement
-
Resolution: Fixed
-
P2
-
None
-
b02
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8239034 | openjdk8u252 | Bradford Wetmore | P2 | Resolved | Fixed | b03 |
| JDK-8238053 | 8u261 | Bradford Wetmore | P2 | Resolved | Fixed | b01 |
| JDK-8238786 | 8u251 | Bradford Wetmore | P2 | Closed | Fixed | b04 |
| JDK-8246922 | emb-8u261 | Bradford Wetmore | P2 | Resolved | Fixed | team |
| JDK-8239729 | emb-8u251 | Bradford Wetmore | P2 | Resolved | Fixed | team |
PKCS#1 v2.2 (RFC 8017) provides recommendations for the implementation of public-key cryptography based on the RSA algorithm [RSA].
Existing Java SE security APIs and JDK crypto providers support most but not all algorithms in PKCS#1 and need to be updated to support PKCS#1 v2.2.
This enhancement was made to Java SE 11. To preserve compatibility with newer platform releases, the Java SE 11 RSASSA-PSS APIs will be backported to Java SE 8.
Solution
--------
- Update all PKCS#1 v2.1 references with the PKCS#1 v2.2 standard and
its ASN.1 syntax
- Enhance existing RSA-related classes for supporting RSASSA-PSS keys
which may contain parameters
- Add RSASSA-PSS (Probabilistic Signature Scheme) implementation
support to SunRsaSign provider
- Add the support of SHA-512/224 and SHA-512/256 digests.
- Add the support of SHA-512/224 and SHA-512/256 digests to the
OAEPPadding impl of RSA Cipher implementation in SunJCE provider
There are 7 changesets that should be backported to provide this
feature: 2 API and 5 minor bug fixes:
APIs
JDK-8146293: Add support for RSASSA-PSS Signature algorithm
JDK-8206171: Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized
Bug Fixes
JDK-8214096: sun.security.util.SignatureUtil passes null parameter, so JCE validation fails
JDK-8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
Fixes toJDK-8146293 to accommodate Bouncy Castle behavior
JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support
Fix forJDK-8146293 to handle non-null EC parameters
JDK-8215694: keytool cannot generate RSASSA-PSS certificates
JDK-8205720: KeyFactory#getKeySpec and translateKey throws NullPointerException with Invalid key
Existing Java SE security APIs and JDK crypto providers support most but not all algorithms in PKCS#1 and need to be updated to support PKCS#1 v2.2.
This enhancement was made to Java SE 11. To preserve compatibility with newer platform releases, the Java SE 11 RSASSA-PSS APIs will be backported to Java SE 8.
Solution
--------
- Update all PKCS#1 v2.1 references with the PKCS#1 v2.2 standard and
its ASN.1 syntax
- Enhance existing RSA-related classes for supporting RSASSA-PSS keys
which may contain parameters
- Add RSASSA-PSS (Probabilistic Signature Scheme) implementation
support to SunRsaSign provider
- Add the support of SHA-512/224 and SHA-512/256 digests.
- Add the support of SHA-512/224 and SHA-512/256 digests to the
OAEPPadding impl of RSA Cipher implementation in SunJCE provider
There are 7 changesets that should be backported to provide this
feature: 2 API and 5 minor bug fixes:
APIs
Bug Fixes
Fixes to
Fix for
- backported by
-
JDK-8238053 Add support for RSASSA-PSS Signature algorithm (Java SE 8)
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
- csr for
-
JDK-8233418 Add support for RSASSA-PSS Signature algorithm (Java SE 8)
-
- Closed
-
(1 csr for)