Re: PKCS#11 provider issues with min and max size

I just realized that a natural place to configure provider behavior is in the provider construction, which is also per provider, so you can have multiple ones with different configuration. We are already using an InputStream to construct SunPKCS11, and adding more parameters to configure/override

Re: [PATCH]: Support for brainpool curves from CurveDB in SunEC

Just FYI. SoftHSM2 from the OpenDNSSec project is a good P11 to test with, and I believe it supports brainpool in recent versions. https://github.com/opendnssec/SoftHSMv2 It works really good) Regards, Tomas On 2018-02-09 02:03, Valerie Peng wrote: > Hi Tobias, > > Just curious, which PKCS11

RFR: 8193892: Impact of noncloneable MessageDigest implementation

Looking to push a new test which helps test CloneableDigest code. It's something that arose during JDK-8193683 fix. The test was contributed by Brad Wetmore. I've converted it to use the SSLSocketTemplate. JBS : https://bugs.openjdk.java.net/browse/JDK-8193892 webrev :

Re: PKCS#11 provider issues with min and max size

Oh-well, I suppose that we are all humans. ;) Let me take a closer look on this and see if there are other ways to relax this constraint than adding env var which should be the very last resort in my opinion. BTW, is there a bug filed for this? Thanks for the feedback, Valerie On 2/9/2018

Re: PKCS#11 provider issues with min and max size

Hmm, seems reasonable to support this in the provider configuration file. Or, on a similar note, but slightly different approach is to just add an configuration option for disabling checking the supported key size range. Regards, Valerie On 2/9/2018 2:16 AM, Tomas Gustavsson wrote: I just

AW: [PATCH]: Support for brainpool curves from CurveDB in SunEC

Hi Valerie, these tests were initally meant for the new curves in SunEC, but the SunEC tests are using the PKCS#11 tests. Even though I made these known answer tests for SunEC, I think it might be a good idea not to limit them to SunEC but run them on tests using TestECDH with any provider,

Re: PKCS#11 provider issues with min and max size

Hi, Thanks for the answer. (sorry I was out with the flu for a week) > I am not too keen to add an env var/system property to accommodate this > kind of PKCS11 library bugs since this should be rare I hope. > Valerie Unfortunately I don't see it as rare and the impact is huge due to the slow

Re: contribute to the OpenJDK security group

Awesome. I just posted in another thread to the mailing list with some examples where more flexibility would be needed. "PKCS#11 provider issues with min and max size". Another example would be to add flexibility to be more crypto "agile". I.e. when new algorithms come out, for example SHA3. It

Re: RFR 8191438: jarsigner should print when a timestamp will expire

Updated again at http://cr.openjdk.java.net/~weijun/8191438/webrev.05/. --Max > On Jan 4, 2018, at 8:48 AM, Weijun Wang wrote: > > Please take a review at > > http://cr.openjdk.java.net/~weijun/8191438/webrev.04/ > > Major changes: > > 1. Warnings on TSA cert chain: