RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider
Martin Balao
mbalao at redhat.com
Tue Aug 14 14:43:18 UTC 2018
Hi Valerie,
Here it is Webrev.07:
* http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.07/
* http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.07.zip
* p11_convert.c:
* L530 and 834: masterKeyDeriveParamToCKMasterKeyDeriveParam and
keyMatParamToCKKeyMatParam functions used to accept "null" value for class
parameter -and, in fact, immediately return in such case-. Null-checking
was in these functions to avoid checking on each call site (i.e.:
jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam and
jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam call sites for
masterKeyDeriveParamToCKMasterKeyDeriveParam). But I reverted this change
now, so we check on call sites. I couldn't find any not-checked FindClass
call.
* L1262: well spotted! Fixed.
* Author tags removed
* Updated copyright on every modified file
* TestTLS12.java improvements:
* initSecmod is now called when starting the test
* Better integration with existing NSSDB + FIPS infrastructure
* RSA+SHA256 certificate (that expires in 2042) was added to FIPS
keystore and NSSDB.
* Putback comment on webrev
* jdk/sun/security/pkcs11 test suite pass-rate experienced no regression
Thanks,
Martin.-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180814/7da1ddec/attachment.htm>
More information about the security-dev
mailing list