[9] RFR 8157579: com/sun/crypto/provider/Mac/MacClone.java failed on solaris12(sparcv9 and x86)
Valerie Peng
valerie.peng at oracle.com
Wed Aug 10 00:25:41 UTC 2016
Thanks for the review~
Your point is valid for default configuration. But in the rare case
where the new jdk.security.provider.preferred property is set, the most
preferred provider may not be the one which supplied the digest object
for the generic getInstance() call.
So, instead of removing the first provider, I added a check to skip
calling getInstance() if the provider name comparison matched.
Webrev updated at: http://cr.openjdk.java.net/~valeriep/8157579/webrev.01/
Thanks,
Valerie
On 8/5/2016 4:02 AM, Vincent Ryan wrote:
> Your fix looks good. One comment is that you could trim the Provider[] to exclude the most-preferred provider (at index=0).
> Thanks.
>
>
>> On 5 Aug 2016, at 03:01, Valerie Peng <valerie.peng at oracle.com> wrote:
>>
>>
>> Anyone has time to review this fix? The code change is in only one file and straightforward if you agree with the approach.
>> Starting S11.3 and S12, OracleUcrypto provider switched to new Ucrypto APIs for message digest operations and there is no clone support.
>> This affects the MAC impls of SunJCE provider which delegates the digest operation to the most preferred provider.
>> To ensure the clone support, I will switch to getting the digest impl from SUN provider if the most preferred one does not.
>> In the case of SUN provider is not available, it will then goes through provider list.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8157579
>> Webrev: http://cr.openjdk.java.net/~valeriep/8157579/webrev.00/
>>
>> No new test as it's covered by existing regression test.
>>
>> Thanks,
>> Valerie
>>
>>
More information about the security-dev
mailing list