Thanks for the review. The PKCS11 implementation is a little peculiar in that it is configured out-of-the-box only for Solaris and that implementation doesn’t support DSA. So I’ve added only the first of your additional lines below.
(NOTE the update to the Ucrypto provider) Updated webrev at: http://cr.openjdk.java.net/~vinnie/8161571/webrev.01/ > On 21 Jul 2016, at 15:46, Xuelei Fan <xuelei....@oracle.com> wrote: > > Looks fine to me. > > Just two minor comments. The run tag in the test may be not necessary. > Like EC algorithm, maybe the PKCS11 implementation of RSA and DSA > algorithms can also be checked on some platform if not using provider > option. > > + main0("RSA", 2048, "SHA256withRSA", null); > + main0("DSA", 2048, "SHA256withDSA", null); > > Xuelei > > On 7/20/2016 3:10 AM, Vincent Ryan wrote: >> Please review this fix to apply stricter length checks when verifying public >> key signatures. >> Thanks. >> >> Bug: https://bugs.openjdk.java.net/browse/JDK-8161571 >> Webrev: http://cr.openjdk.java.net/~vinnie/8161571/webrev.00/ >> >
