Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4175

EJBCA Enterprise: JDK patches for RSAWithMGF1 not working on newer java

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      The JDK patches available in svn
      https://svn.cesecore.eu/svn/primekey/jdkpatches

      Does not seem to work for newer java versions. The rsassa-pss/rhel-6.5-openjdk-7_v55 fails TestPSS, and does not work with EJBCA either.

      The structure in svn is a bit of a mess and should be cleaned up, I would like:

      • One single directory for SHA224WithECDSA and SHAXXWithRSAAndMGF1 (the patches affecting sunpkcs11.jar).
      • Remove old, redundant directories
      • Subdirectories for different versions of OpenJDK with source diff and binary files
      • If there are differences between distributions (i.e. RHEL/Ubuntu) this could be kept in the directory for the JDK version.
      • One test tool for MGF1 and SHA224WithECDSA, currently the TestPSS tools is great for testing the MGF1 support.

      Prio 1 support would be SHAXXWithRSAAndMGF1 for Ubuntu 14.04.
      Prio 2 would be SHAXXWithRSAAndMGF1 for RHEL 6.5.
      (can they be same, I think they use same subversion of JDK, i.e. 1.7.0_75 right now).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lars Lars Silvén
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Tomas Gustavsson
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: