[9] RFR 8056026 Debug security logging should print Provider used for each crypto operation

Vincent Ryan vincent.x.ryan at oracle.com
Mon Sep 15 15:34:13 UTC 2014


Originally I did support tracing for MessageDigest but removed it because of the huge quantity of log messages that were generated.
Hashes are very widely used before an application even starts. SecureRandom is similar.

Also I omitted KeyStore log messages because there is usually only a single implementation for a given keystore type so the
JCE provider which has been selected is obvious. I’ll add support for KeyStore.


On 15 Sep 2014, at 16:12, Sean Mullan <sean.mullan at oracle.com> wrote:

> Can you also add similar log messages for MessageDigest, SecureRandom, and KeyStore?
> 
> Otherwise looks good. Please add a noreg label. Also the fix is helpful to any platform and not just solaris/sparc so you should change those fields to be generic.
> 
> --Sean
> 
> On 09/12/2014 11:11 AM, Vincent Ryan wrote:
>> 
>> Please review this change to display the JCE provider that has been
>> selected for common crypto operations.
>> This aids troubleshooting crypto applications when a given crypto
>> algorithm is supported by several JCE providers.
>> Some crypto operations delay selecting a provider until they examine the
>> key supplied in the init() method.
>> This fix also accommodates that behaviour.
>> 
>> The following crypto operations are supported: Cipher, KeyAgreement,
>> KeyGenerator, KeyPairGenerator, Mac and Signature.
>> To see these new messages, activate JCE provider debugging as normal.
>> For example,
>> 
>> % java -Djava.security.debug=provider MySSLClientApp
>>  :
>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>> Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
>> Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
>> Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
>> Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>> Provider: KeyPairGenerator.EC from: SunPKCS11-Solaris
>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>> Provider: KeyGenerator.SunTls12RsaPremasterSecret from: SunJCE
>> Provider: Cipher.RSA/ECB/PKCS1Padding key wrapping from: SunPKCS11-Solaris
>> Provider: KeyGenerator.SunTls12MasterSecret from: SunJCE
>> Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
>> Provider: Signature.SHA512withRSA signing from: SunPKCS11-Solaris
>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>> Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>  :
>> 
>> 
>> Thanks.
>> 
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8056026
>> Webrev: http://cr.openjdk.java.net/~vinnie/8056026/webrev.00/



More information about the security-dev mailing list