Request for phase 2 approval for CR 7099228 - Use a PKCS11 config attribute to control encoding of an EC point
Edvard Wendelin
edvard.wendelin at oracle.com
Thu Oct 13 11:35:56 PDT 2011
Approved.
Cheers,
Edvard
On 13 okt 2011, at 00.57, Vincent Ryan wrote:
>
> 7099228: Use a PKCS11 config attribute to control encoding of an EC
> point
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7099228
>
> Description
> The fix for CR 7054637 introduced a PKCS11 token attribute to
> control whether
> an EC point encoding is wrapped in an ASN.1 OCTET STRING or not.
>
> It has been reported that the numeric identifier chosen for that
> attribute
> clashes with the numeric identifier already chosen by a vendor of
> PKCS11
> tokens in one of their vendor extensions.
>
> To avoid this and any future namespace collisions from other token
> vendors a
> JCE provider attribute is used instead of a token attribute.
>
> Equivalent patch to the fix for JDK 8:
> http://cr.openjdk.java.net/~vinnie/7099228/webrev.00/
>
> Reviewers:
> Valerie Peng
> Sean Mullan
>
> Justification:
> This fix is required in order to avoid any unintended behaviour in
> PKCS11
> security tokens due to a namespace collision in an extensible set of
> token attributes. One security token vendor has already been
> identified that
> will be impacted by this namespace collision.
>
> The fix corrects the problem before any other vendors are impacted.
> The fix
> is limited in scope, isolated and is low risk. Only classes in the
> SunPKCS11
> JCE provider are affected by this fix.
>
> Testing is covered by the existing PKCS11 automated regression tests.
>
More information about the jdk7u-dev
mailing list