RFR: 8335288: SunPKCS11 initialization will call C_GetMechanismInfo on unsupported mechanisms
Kevin Driver
kdriver at openjdk.org
Fri Jul 19 19:26:32 UTC 2024
On Wed, 17 Jul 2024 00:48:20 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> Can someone help review this fix? Changed the required-mechanism check by checking if the particular mechanism is inside the list of enabled supported mechanisms. This should be more reliable than calling C_GetMechanismInfo(..) on the required mechanism given vendors may return various sorts of error codes.
>
> Thanks,
> Valerie
I understand that the sample config is for a test, but are there any mechanisms we *would* want to disable by default? It occurred to me as I was reading through the test and noticed that SHA1 was not in the disabled list *for the test*.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20207#issuecomment-2239975486
More information about the security-dev
mailing list