RFR: 8315487: Security Providers Filter [v17]
Xuelei Fan
xuelei.f at gmail.com
Wed Dec 18 00:27:11 UTC 2024
Oh, your testing is checking service type Cipher which is Java SE service.
It is not the case we discussed in the context: non-Java SE service types.
Xuelei
On Tue, Dec 17, 2024 at 2:47 PM Martin Balao <mbalao at openjdk.org> wrote:
> On Tue, 17 Dec 2024 22:13:09 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org>
> wrote:
>
> > Sorry, I meant BCFIPS provider as linked in the URL I provided. Which
> may not be able to use putService as it needs to support back to Java 1.5,
> IIRC. Xuelei
>
> BCFIPS works too (tested on `bc-fips-2.0.0.jar`). In this case, the filter
> rule should be `!BCFIPS.Cipher.AES/CBC/PKCS5Padding; *` and the constructor
> `org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider`. This is the
> output:
>
>
> Cipher AES/CBC/PKCS5Padding (BC): null
> Cipher AES/GCM/NoPadding (BC): Cipher.AES/GCM/NoPadding, mode: not
> initialized, algorithm from: BCFIPS
>
>
> Please notice that the legacy `Provider::put` API is filtered too.
>
> -------------
>
> PR Comment: https://git.openjdk.org/jdk/pull/15539#issuecomment-2549809277
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20241217/1ab515c7/attachment-0001.htm>
More information about the core-libs-dev
mailing list