Request for phase 2 approval for CR 7099228 - Use a PKCS11 config attribute to control encoding of an EC point

Vincent Ryan vincent.x.ryan at oracle.com
Thu Oct 13 00:57:50 PDT 2011


7099228: Use a PKCS11 config attribute to control encoding of an EC point
  http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7099228

Description
  The fix for CR 7054637 introduced a PKCS11 token attribute to control whether
  an EC point encoding is wrapped in an ASN.1 OCTET STRING or not.

  It has been reported that the numeric identifier chosen for that attribute
  clashes with the numeric identifier already chosen by a vendor of PKCS11
  tokens in one of their vendor extensions.

  To avoid this and any future namespace collisions from other token vendors, a
  JCE provider attribute is used instead of a token attribute.

Equivalent patch to the fix for JDK 8:
  http://cr.openjdk.java.net/~vinnie/7099228/webrev.00/

Reviewers:
  Valerie Peng
  Sean Mullan

Justification:
  This fix is required in order to avoid any unintended behaviour in PKCS11
  security tokens due to a namespace collision in an extensible set of
  token attributes. One security token vendor has already been identified that
  will be impacted by this namespace collision.

  The fix corrects the problem before any other vendors are impacted. The fix
  is limited in scope, isolated and is low risk. Only classes in the SunPKCS11
  JCE provider are affected by this fix.

  Testing is covered by the existing PKCS11 automated regression tests.
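
Added example (not part of the original message or of the webrev): the two EC point encodings named in the Description, side by side. Both begin with byte 0x04 (the uncompressed-point marker and the ASN.1 OCTET STRING tag), so a strict decoder accepts only the form its setting selects. The `rawX963` flag is a hypothetical stand-in for the provider attribute, and the coordinates are constructed P-256-sized filler, not a real curve point.

```java
import java.util.Arrays;

public class EcPointEncodingDemo {
    // rawX963 is a hypothetical stand-in for the provider-level setting;
    // it is not the real SunPKCS11 attribute name.
    static byte[] encode(byte[] x, byte[] y, boolean rawX963) {
        byte[] raw = new byte[1 + x.length + y.length];
        raw[0] = 0x04;                       // uncompressed-point marker
        System.arraycopy(x, 0, raw, 1, x.length);
        System.arraycopy(y, 0, raw, 1 + x.length, y.length);
        if (rawX963) return raw;
        // DER OCTET STRING: tag 0x04, short-form length or 0x81 long form
        // (covers points up to 255 bytes, which includes P-521).
        int hdr = raw.length < 128 ? 2 : 3;
        byte[] der = new byte[hdr + raw.length];
        der[0] = 0x04;
        if (hdr == 3) der[1] = (byte) 0x81;
        der[hdr - 1] = (byte) raw.length;
        System.arraycopy(raw, 0, der, hdr, raw.length);
        return der;
    }

    // Strict decode: accept only the form selected by the setting and
    // return the raw 0x04 || X || Y bytes.
    static byte[] decode(byte[] enc, int fieldBytes, boolean rawX963) {
        int rawLen = 1 + 2 * fieldBytes;
        int hdr = rawX963 ? 0 : (rawLen < 128 ? 2 : 3);
        if (enc.length != hdr + rawLen)
            throw new IllegalArgumentException("unexpected length " + enc.length);
        if (hdr > 0 && (enc[0] != 0x04 || (enc[hdr - 1] & 0xff) != rawLen
                || (hdr == 3 && (enc[1] & 0xff) != 0x81)))
            throw new IllegalArgumentException("bad OCTET STRING header");
        if (enc[hdr] != 0x04)
            throw new IllegalArgumentException("not an uncompressed point");
        return Arrays.copyOfRange(enc, hdr, enc.length);
    }

    public static void main(String[] args) {
        byte[] x = new byte[32], y = new byte[32];   // constructed sample data
        Arrays.fill(x, (byte) 0x11);
        Arrays.fill(y, (byte) 0x22);
        byte[] raw = encode(x, y, true), der = encode(x, y, false);
        System.out.println("raw: " + raw.length + " bytes, first byte " + raw[0]);
        System.out.println("DER: " + der.length + " bytes, first byte " + der[0]);
        System.out.println("round trip: " + Arrays.equals(raw, decode(der, 32, false)));
        try { decode(der, 32, true); }               // mismatched setting
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```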




More information about the jdk7u-dev mailing list