RFR: 8325164: Named groups and signature schemes unavailable with SunPKCS11 in FIPS mode [v2]
Daniel Jeliński
djelinski at openjdk.org
Tue Mar 12 20:18:37 UTC 2024
On Tue, 12 Mar 2024 18:12:07 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Restore original SunEC behavior
>
> test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java line 56:
>
>> 54: Provider sunRsaSign = Security.getProvider("SunRsaSign");
>> 55: Security.removeProvider("SunRsaSign");
>> 56: Security.insertProviderAt(p, 1);
>
> IIRC, the getInstance() call always specify which provider, why do we need to insert the provider to position 1?
It was needed because engineGetParameters did not specify provider; I fixed that and removed this line.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17816#discussion_r1522059723
More information about the security-dev
mailing list