On 15 Sep 2014, at 16:50, Sean Mullan <sean.mul...@oracle.com> wrote:
> On 09/15/2014 11:34 AM, Vincent Ryan wrote:
>> Originally I did support tracing for MessageDigest but removed it because of
>> the huge quantity of log messages that were generated.
>> Hashes are very widely used before an application even starts. SecureRandom
>> is similar.
>
> Hmm, it would be nice to specify the engine classes you want to see. Maybe
> that's too much work right now, but something like:
>
> java -Djava.security.debug="provider engine=MessageDigest,Signature" …

We can log the JCE provider for all engine classes by default and also support a filtering mechanism using the 'engine' sub-option as you suggest above.

>
>> Also I omitted KeyStore log messages because there is usually only a single
>> implementation for a given keystore type so the
>> JCE provider which has been selected is obvious. I’ll add support for
>> KeyStore.
>
> Ok. I think it would be primarily useful to see the KeyStore when PKCS11 is
> used with unextractable keys to help debug any subsequent delayed provider
> selection.
>
> --Sean
>
>>
>>
>> On 15 Sep 2014, at 16:12, Sean Mullan <sean.mul...@oracle.com> wrote:
>>
>>> Can you also add similar log messages for MessageDigest, SecureRandom, and
>>> KeyStore?
>>>
>>> Otherwise looks good. Please add a noreg label. Also the fix is helpful to
>>> any platform and not just solaris/sparc so you should change those fields
>>> to be generic.
>>>
>>> --Sean
>>>
>>> On 09/12/2014 11:11 AM, Vincent Ryan wrote:
>>>>
>>>> Please review this change to display the JCE provider that has been
>>>> selected for common crypto operations.
>>>> This aids troubleshooting crypto applications when a given crypto
>>>> algorithm is supported by several JCE providers.
>>>> Some crypto operations delay selecting a provider until they examine the
>>>> key supplied in the init() method.
>>>> This fix also accommodates that behaviour.
>>>>
>>>> The following crypto operations are supported: Cipher, KeyAgreement,
>>>> KeyGenerator, KeyPairGenerator, Mac and Signature.
>>>> To see these new messages, activate JCE provider debugging as normal.
>>>> For example,
>>>>
>>>> % java -Djava.security.debug=provider MySSLClientApp
>>>> :
>>>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>>>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>>>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>>>> Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
>>>> Provider: Signature.SHA1withDSA verification from: SunPKCS11-Solaris
>>>> Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
>>>> Provider: Signature.MD5withRSA verification from: SunPKCS11-Solaris
>>>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>>>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>>>> Provider: KeyPairGenerator.EC from: SunPKCS11-Solaris
>>>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>>>> Provider: Signature.SHA256withRSA verification from: SunRsaSign
>>>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>>> Provider: KeyGenerator.SunTls12RsaPremasterSecret from: SunJCE
>>>> Provider: Cipher.RSA/ECB/PKCS1Padding key wrapping from: SunPKCS11-Solaris
>>>> Provider: KeyGenerator.SunTls12MasterSecret from: SunJCE
>>>> Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
>>>> Provider: Signature.SHA512withRSA signing from: SunPKCS11-Solaris
>>>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>>>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>>>> Provider: KeyGenerator.SunTls12KeyMaterial from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>>>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>>>> Provider: KeyGenerator.SunTls12Prf from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding decryption from: SunJCE
>>>> Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
>>>> :
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8056026
>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8056026/webrev.00/
>>
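
Added example, not part of the thread or of the JDK change: a Python post-filter that tallies captured `java.security.debug=provider` output per engine class and flags algorithms that were served by more than one provider. The line shape is inferred from the sample output quoted above; the function names and sample lines are constructed here, and the `engines` filter is applied to the log after the fact, it is not the `engine=` sub-option discussed in the thread.

```python
import re
from collections import Counter, defaultdict

# Line shape inferred from the sample output quoted in the thread:
#   Provider: <Engine>.<Algorithm> [<operation>] from: <ProviderName>
LINE_RE = re.compile(
    r"^Provider: (?P<engine>[A-Za-z]+)\.(?P<alg>\S+)"
    r"(?: (?P<op>.+?))? from: (?P<provider>\S+)$"
)

# Constructed sample in that shape (not captured from a real run).
SAMPLE = """\
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA verification from: SunRsaSign
Provider: Signature.SHA256withRSA signing from: SunPKCS11-Solaris
Provider: KeyPairGenerator.EC from: SunPKCS11-Solaris
Provider: Cipher.AES/GCM/NoPadding encryption from: SunJCE
Provider: Cipher.RSA/ECB/PKCS1Padding key wrapping from: SunPKCS11-Solaris
Provider: KeyGenerator.SunTls12Prf from: SunJCE
:
""".splitlines()

def parse_line(line):
    """Return (engine, algorithm, operation, provider), or None for other lines."""
    # Tolerate mail quote markers so lines pasted from a thread still parse.
    m = LINE_RE.match(line.strip().lstrip("> "))
    if not m:
        return None
    return (m["engine"], m["alg"], m["op"] or "", m["provider"])

def summarize(lines, engines=None):
    """Count identical records; `engines` (a set of names) keeps only those engine classes."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and (engines is None or rec[0] in engines):
            counts[rec] += 1
    return counts

def split_providers(counts):
    """Map Engine.Algorithm to its providers when more than one provider served it."""
    seen = defaultdict(set)
    for engine, alg, _op, provider in counts:
        seen[f"{engine}.{alg}"].add(provider)
    return {name: sorted(p) for name, p in seen.items() if len(p) > 1}

if __name__ == "__main__":
    counts = summarize(SAMPLE, engines={"Signature", "Cipher"})
    for (engine, alg, op, provider), n in sorted(counts.items()):
        print(f"{n:3d}  {engine}.{alg:<22} {op:<13} {provider}")
    for name, providers in split_providers(counts).items():
        print(f"served by several providers: {name} -> {', '.join(providers)}")
```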