Hi Valerie, Thank you for agreeing to take a look at this suggested change.
Please get back to me as soon as you have any questions, comments or observations on this. Thanks, Neil On Fri, 2012-07-27 at 17:15 -0700, Valerie (Yu-Ching) Peng wrote: > Neil, > > Thanks for the feedback, I will take a look and let you know my thoughts > sometime next week. > > Valerie > > On 07/23/12 21:13, Neil Richards wrote: > > Hi all, > > > > The PKCS11 documentation [1] describes how the selection of a security > > provider implementation is (re-)performed each time any initialization > > (init*) method is called on objects of the classes: > > * javax.crypto.Cipher > > * javax.crypto.KeyAgreement > > * javax.crypto.Mac > > * java.security.Signature > > so that a suitable implementation is chosen for the Key object given to > > these initialization methods. > > > > This behaviour, whose description was introduced in Java 5, is entirely > > sensible (from a user's point of view), I think. > > > > However, the (Sun/Oracle/OpenJDK) implementation was not modified to > > actually implement the described behaviour. > > > > Java bug 6733443 was raised to report the discrepancy [2]. > > > > I have created a webrev [3] with suggested changes to make the > > implementation conform to the described behaviour. > > > > It also holds a testcase for the change, which has a bespoke (minimally > > implemented) test-specific Provider implementation and associated > > classes. These implementations contain function just sufficient for the > > tests' needs, to support things to the point of initialization. All > > other functions are stubbed out. > > > > Also, the (invocation of the) tests for Cipher, KeyAgreement& Mac are > > currently commented out, as they will only work when the provider is > > held in a signed jar file, and I wasn't sure how to accomplish that in a > > jtreg test. > > > > However, I have successfully run all these tests using versions of the > > Cipher, KeyAgreement& Mac classes which have been mildly hacked to > > remove their check to JceSecurity.canUseProvider() in chooseProvider(). > > > > Please review the suggested fix and let me your thoughts on it. > > > > Thanks, > > Neil > > > > [1]http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#DelayedSelect > > [2]http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6733443 > > [3]http://cr.openjdk.java.net/~ngmr/6733443/webrev.00/ > > > > -- Unless stated above: IBM email: neil_richards at uk.ibm.com IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
