On Wed, 13 Jan 2021 00:53:01 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>>> For cipher impls, there are more than just P11Cipher, there are also >>> P11AEADCipher and P11RSACipher. It looks like they should be updated with >>> this defensive cancellation change unless the non-compliant NSS impl is >>> algorithm-specific and does not apply to AES/GCM and RSA. >> >> Sure, I was going to go through each of them. Only P11Cipher and >> P11Signature so far but I'm working on this. > >> >> >> > For cipher impls, there are more than just P11Cipher, there are also >> > P11AEADCipher and P11RSACipher. It looks like they should be updated with >> > this defensive cancellation change unless the non-compliant NSS impl is >> > algorithm-specific and does not apply to AES/GCM and RSA. >> >> Sure, I was going to go through each of them. Only P11Cipher and >> P11Signature so far but I'm working on this. > > Wonderful, thanks! @valeriepeng let me know your thoughts. Nothing else from my side now, unless you want me to revisit something. ------------- PR: https://git.openjdk.java.net/jdk/pull/1901