RFR JDK-8172366: Support SHA-3 based signatures
jamil.j.nimeh at oracle.com
Tue Aug 18 20:30:18 UTC 2020
From just a quick skimming across a few FIPS specs, it looks like DSA
with SHA-3 seems worth including. FIPS 202 is designed to supplement
the hash algs in 180-4, and Section 2.3 of 186-4 indicates that SHAx(M)
is intended for those algs specified in 180 (and I assume by extension
202). Since there are OIDs in the NIST arc for dsa-with-sha3-nnn it
seems like all the pieces have specification support. Seems like a good
thing to do.
On 8/18/2020 1:11 PM, Valerie Peng wrote:
> Can someone help review this SHA-3 based signature support? Note that
> changes to SunPKCS11 provider will be covered by a separate RFE
> (JDK-8244154). Current webrev adds SHA-3 digest support to DSA, RSA,
> ECDSA signature algorithms. I am a bit on the fence for the DSA
> signature and am including it here mostly for completeness sake. Can
> remove it if that's preferred. Comments?
> Will file a CSR for this once we reached consensus on whether to add
> SHA-3 support to DSA signature.
> RFE: https://bugs.openjdk.java.net/browse/JDK-8172366
> Webrev: http://cr.openjdk.java.net/~valeriep/8172366/webrev.00/
More information about the security-dev