[9] RFR 8056026 Debug security logging should print Provider used for each crypto operation

Vincent Ryan vincent.x.ryan at oracle.com
Fri Sep 12 15:11:22 UTC 2014


Please review this change to display the JCE provider that has been selected for common crypto operations.
This aids troubleshooting crypto applications when a given crypto algorithm is supported by several JCE providers.
Some crypto operations delay selecting a provider until they examine the key supplied in the init() method.
This fix also accommodates that behaviour.

The following crypto operations are supported: Cipher, KeyAgreement, KeyGenerator, KeyPairGenerator, Mac and Signature.
To see these new messages, activate JCE provider debugging as normal. For example,

% java -Djava.security.debug=provider MySSLClientApp
 :
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: KeyPairGenerator.EC from: SunPKCS11-Solaris
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: KeyGenerator.SunTls12RsaPremasterSecret from: SunJCE
Provider: Cipher.RSA/ECB/PKCS1Padding key wrapping from: SunPKCS11-Solaris
Provider: KeyGenerator.SunTls12MasterSecret from: SunJCE
Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
Provider: Signature.SHA512withRSA signing from: SunPKCS11-Solaris
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
 :


Thanks.

Bug: https://bugs.openjdk.java.net/browse/JDK-8056026
Webrev: http://cr.openjdk.java.net/~vinnie/8056026/webrev.00/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20140912/3383152a/attachment.htm>


More information about the security-dev mailing list