Hi again,

I had to make some additions to get the test sun/security/tools/keytool/PSS.java to work.

Firstly, I had to include the testlibrary utility class 'test/lib/jdk/test/lib/security/DerUtils.java' from the change for JDK-8076190. Then I had to add some code to src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java from JDK-8213400 to tolerate a keyBits value of -1. This is exercised in the PSS test when keytool is called with "-genkeypair -keyalg RSASSA-PSS -sigalg RSASSA-PSS" without specifying the -keysize parameter.

Backporting JDK-8076190 or JDK-8213400 over to JDK11 is not possible due to their nature (CSR attached, behavioral change).

The webrevs were updated in-place:
http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.full.0/
http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.manual.0/

/Christoph

> -----Original Message-----
> From: jdk-updates-dev <jdk-updates-dev-boun...@openjdk.java.net> On
> Behalf Of Langer, Christoph
> Sent: Wednesday, 26 June 2019 17:30
> To: jdk-updates-...@openjdk.java.net
> Cc: security-dev <security-dev@openjdk.java.net>
> Subject: [CAUTION] [11u]: RFR: Backport of 8215694: keytool cannot
> generate RSASSA-PSS certificates
>
> Hi,
>
> please help reviewing the backport of JDK-8215694: keytool cannot generate
> RSASSA-PSS certificates. The patch doesn't apply cleanly but the rejects are
> only minor. The item is needed as a prerequisite to apply JDK-8216039.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8215694
> Original Change: http://hg.openjdk.java.net/jdk/jdk12/rev/bdb29aa5fd31
> Rejects when applying original change:
> http://cr.openjdk.java.net/~clanger/webrevs/8215694.rejects.patch
> Full Webrev:
> http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.full.0/
> Incremental Webrev of added modifications:
> http://cr.openjdk.java.net/~clanger/webrevs/8215694.11u.manual.0/
>
> Thanks
> Christoph