Re: [11u]: RFR: Backport of 8215694: keytool cannot generate RSASSA-PSS certificates

Fri, 12 Jul 2019 09:48:53 -0700 

In CertAndKeyGen.java, does generate() need a throws declaration? Otherwise 
looks good.

We've been talking about backporting patches with CSRs and have done at least 
one. Imo, 8076190 and 8213400 are good backport candidates since the spec 
changes are minor.

Thanks,

Paul

On 6/28/19, 12:33 AM, "jdk-updates-dev on behalf of Langer, Christoph" 
<jdk-updates-dev-boun...@openjdk.java.net on behalf of 
christoph.lan...@sap.com> wrote:

    Hi again,
    
    I had to make some additions to get the test 
sun/security/tools/keytool/PSS.java to work.
    
    Firstly, I had to include the testlibrary utility class 
'test/lib/jdk/test/lib/security/DerUtils.java' from the change for JDK-8076190. 
Then I had to add some code to 
src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java from 
JDK-8213400 to tolerate a keyBits value of -1. This is exercised in the PSS 
test when keytool is called with "-genkeypair -keyalg RSASSA-PSS -sigalg 
RSASSA-PSS" without specifying the -keysize parameter.
    
    Backporting JDK-8076190 or JDK-8213400 over to JDK11 is not possible due to 
their nature (CSR attached, behavioral change).
    
    The webrevs were updated in-place:
    
    http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.full.0/
    http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.manual.0/
    
    
    /Christoph
    
    > -----Original Message-----
    > From: jdk-updates-dev <jdk-updates-dev-boun...@openjdk.java.net> On
    > Behalf Of Langer, Christoph
    > Sent: Mittwoch, 26. Juni 2019 17:30
    > To: jdk-updates-...@openjdk.java.net
    > Cc: security-dev <security-dev@openjdk.java.net>
    > Subject: [CAUTION] [11u]: RFR: Backport of 8215694: keytool cannot
    > generate RSASSA-PSS certificates
    > 
    > Hi,
    > 
    > please help reviewing the backport of JDK- 8215694: keytool cannot 
generate
    > RSASSA-PSS certificates. The patch doesn't apply cleanly but the rejects 
are
    > only minor. The Item is needed as prerequisite to apply JDK-8216039.
    > 
    > Bug: https://bugs.openjdk.java.net/browse/JDK-8215694
    > Original Change: http://hg.openjdk.java.net/jdk/jdk12/rev/bdb29aa5fd31
    > Rejects when applying original change:
    > http://cr.openjdk.java.net/~clanger/webrevs/8215694.rejects.patch
    > Full Webrev:
    > http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.full.0/
    > Incremental Webrev of added modifications:
    > http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.manual.0/
    > 
    > Thanks
    > Christoph

Reply via email to