On 09/15/2014 11:34 AM, Vincent Ryan wrote:
Originally I did support tracing for MessageDigest but removed it because of
the huge quantity of log messages that were generated.
Hashes are very widely used before an application even starts. SecureRandom is
similar.
Hmm, it would be nice to specify the engine classes you want to see.
Maybe that's too much work right now, but something like:
java -Djava.security.debug="provider engine=MessageDigest,Signature" ...
Also I omitted KeyStore log messages because there is usually only a single
implementation for a given keystore type so the
JCE provider which has been selected is obvious. I’ll add support for KeyStore.
Ok. I think it would be primarily useful to see the KeyStore when PKCS11
is used with unextractable keys to help debug any subsequent delayed
provider selection.
--Sean
On 15 Sep 2014, at 16:12, Sean Mullan <sean.mul...@oracle.com> wrote:
Can you also add similar log messages for MessageDigest, SecureRandom, and
KeyStore?
Otherwise looks good. Please add a noreg label. Also the fix is helpful to any
platform and not just solaris/sparc so you should change those fields to be
generic.
--Sean
On 09/12/2014 11:11 AM, Vincent Ryan wrote:
Please review this change to display the JCE provider that has been
selected for common crypto operations.
This aids troubleshooting crypto applications when a given crypto
algorithm is supported by several JCE providers.
Some crypto operations delay selecting a provider until they examine the
key supplied in the init() method.
This fix also accommodates that behaviour.
The following crypto operations are supported: Cipher, KeyAgreement,
KeyGenerator, KeyPairGenerator, Mac and Signature.
To see these new messages, activate JCE provider debugging as normal.
For example,
% java -Djava.security.debug=provider MySSLClientApp
:
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: KeyPairGenerator.EC from: SunPKCS11-Solaris
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: KeyGenerator.SunTls12RsaPremasterSecret from: SunJCE
Provider: Cipher.RSA/ECB/PKCS1Padding key wrapping from: SunPKCS11-Solaris
Provider: KeyGenerator.SunTls12MasterSecret from: SunJCE
Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
Provider: Signature.SHA512withRSA signing from: SunPKCS11-Solaris
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: KeyGenerator.SunTls12Prf from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
:
Thanks.
Bug: https://bugs.openjdk.java.net/browse/JDK-8056026
Webrev: http://cr.openjdk.java.net/~vinnie/8056026/webrev.00/
