On Wed, 20 Mar 2024 02:44:19 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> Existing legacy mechanism check disables mechanism(s) when the support is > partial, e.g. supports decryption but not encryption, or supports > verification but not signing. Some mechanisms can be used for both > encryption/decryption and sign/verify such as RSA related ones. If the > particular mechanism supports sign/verify/decryption but not encryption, it'd > be disabled as a result. Fine tune the legacy mechanism check with the > service type, i.e. supports encryption for Cipher, sign for Signature, so > the mechanism is disabled based on the service type. > For completeness sake, I also added a PKCS11 provider configuration option to > control this check (default is true, disable mechanisms with partial support). LGTM ------------- Marked as reviewed by djelinski (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/18387#pullrequestreview-1959546087
