On Thu, 7 Mar 2024 12:40:09 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> Currently the SunPKCS11 provider requires other providers in order to offer >> ECDHE, FFDHE and RSA-PSS in TLS handshakes: >> - FFDHE requires DiffieHellman AlgorithmParameters from SunJCE >> - ECDHE requires the SunEC provider to be installed >> - RSA-PSS requires RSASSA-PSS AlgorithmParameters from SunRsaSign >> >> This PR removes these dependencies: >> - SunPKCS11 is modified to offer the PSS and DH AlgorithmParameters (using >> the same implementation classes as the original providers) >> - Elliptic curve code is modified to remove the dependency on SunEC provider >> where possible >> >> Two existing tests were modified to verify the changes: >> - SigInteropPSS2 test was modified to install SunPKCS11 provider and remove >> SunRsaSign provider >> - FipsModeTLS12 test was modified to verify the list of NamedGroups >> available on a SSLEngine. >> >> Both modified tests fail without the changes, pass with them. Other tier1-3 >> tests continue to pass. > > Daniel Jeliński has updated the pull request incrementally with one > additional commit since the last revision: > > Restore original SunEC behavior Looks good; just have a minor question in one test. ------------- Marked as reviewed by valeriep (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/17816#pullrequestreview-1932802144
