Approved.
Cheers,
Edvard
On 13 okt 2011, at 00.57, Vincent Ryan wrote:
7099228: Use a PKCS11 config attribute to control encoding of an EC
point
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7099228
Description
The fix for CR 7054637 introduced a PKCS11 token attribute to
control whether
an EC point encoding is wrapped in an ASN.1 OCTET STRING or not.
It has been reported that the numeric identifier chosen for that
attribute
clashes with the numeric identifier already chosen by a vendor of
PKCS11
tokens in one of their vendor extensions.
To avoid this and any future namespace collisions from other token
vendors a
JCE provider attribute is used instead of a token attribute.
Equivalent patch to the fix for JDK 8:
http://cr.openjdk.java.net/~vinnie/7099228/webrev.00/
Reviewers:
Valerie Peng
Sean Mullan
Justification:
This fix is required in order to avoid any unintended behaviour in
PKCS11
security tokens due to a namespace collision in an extensible set of
token attributes. One security token vendor has already been
identified that
will be impacted by this namespace collision.
The fix corrects the problem before any other vendors are impacted.
The fix
is limited in scope, isolated and is low risk. Only classes in the
SunPKCS11
JCE provider are affected by this fix.
Testing is covered by the existing PKCS11 automated regression tests.
