RFR: 8315487: Security Providers Filter [v17]
Martin Balao
mbalao at openjdk.org
Tue Dec 17 22:47:40 UTC 2024
On Tue, 17 Dec 2024 22:13:09 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> Sorry, I meant BCFIPS provider as linked in the URL I provided. Which may not be able to use putService as it needs to support back to Java 1.5, IIRC. Xuelei
BCFIPS works too (tested on `bc-fips-2.0.0.jar`). In this case, the filter rule should be `!BCFIPS.Cipher.AES/CBC/PKCS5Padding; *` and the constructor `org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider`. This is the output:
Cipher AES/CBC/PKCS5Padding (BC): null
Cipher AES/GCM/NoPadding (BC): Cipher.AES/GCM/NoPadding, mode: not initialized, algorithm from: BCFIPS
Please notice that the legacy `Provider::put` API is filtered too.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/15539#issuecomment-2549809277
More information about the core-libs-dev
mailing list