[8u] RFR: 8266929: Unable to use algorithms from 3p providers

Alexey Bakhtin alexey at azul.com
Thu May 13 10:48:07 UTC 2021


Hi Dan,

I think regeneration of the oidTable could lead to a performance issue in the case of multiple signed jars and/or custom security providers. A backport of the JDK-8242151 [1] enhancement could help here as it collects most of the known OIDs. The oidTable will be regenerated if the requested algorithm is implemented in the custom provider only.

Regards
Alexey

[1] https://bugs.openjdk.java.net/browse/JDK-8242151

> On 12 May 2021, at 20:28, Lutker, Dan <lutkerd at amazon.com> wrote:
> 
> Hi all,
> Please review the webrev below, it fixes a regression where algorithms from a 3p Security Provider are never made available from a signed JAR since the cache is populated during the verification of the JARs and does not refresh afterwards. This fix depends on the RFR for 8156584 [2].
> 
> Issue: https://bugs.openjdk.java.net/browse/JDK-8266929
> Webrev: http://cr.openjdk.java.net/~alvdavi/webrevs/lutkerd/8266929/webrev.8u.jdk.00/
> 
> 
> I ran the jdk_security tests with and without the patch and got the same 5 failures with just the fix for JDK-8156584 [1] and this patch.
> 
> sun/security/krb5/auto/ReplayCacheTestProc.java: More krb5 tests
> sun/security/pkcs11/Secmod/AddTrustedCert.java: make sure we can add a trusted cert to the NSS KeyStore module
> sun/security/pkcs11/ec/TestKeyFactory.java: Test the P11ECKeyFactory
> sun/security/pkcs11/fips/TestTLS12.java: Test TLS 1.2
> sun/security/pkcs11/tls/TestKeyMaterial.java: Known-answer-test for TlsKeyMaterial generator
> 
> Thanks,
> Dan
> 
> [1] https://bugs.openjdk.java.net/browse/JDK-8156584
> [2] https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-April/013783.html
> 
> 
> 


