Thanks for the review~
Your point is valid for default configuration. But in the rare case
where the new jdk.security.provider.preferred property is set, the most
preferred provider may not be the one which supplied the digest object
for the generic getInstance() call.
So, instead of removing the first provider, I added a check to skip
calling getInstance() if the provider name comparison matched.
Webrev updated at: http://cr.openjdk.java.net/~valeriep/8157579/webrev.01/
Thanks,
Valerie
On 8/5/2016 4:02 AM, Vincent Ryan wrote:
Your fix looks good. One comment is that you could trim the Provider[] to
exclude the most-preferred provider (at index=0).
Thanks.
On 5 Aug 2016, at 03:01, Valerie Peng <valerie.p...@oracle.com> wrote:
Anyone has time to review this fix? The code change is in only one file and
straightforward if you agree with the approach.
Starting S11.3 and S12, OracleUcrypto provider switched to new Ucrypto APIs for
message digest operations and there is no clone support.
This affects the MAC impls of SunJCE provider which delegates the digest
operation to the most preferred provider.
To ensure the clone support, I will switch to getting the digest impl from SUN
provider if the most preferred one does not.
In the case of SUN provider is not available, it will then goes through
provider list.
Bug: https://bugs.openjdk.java.net/browse/JDK-8157579
Webrev: http://cr.openjdk.java.net/~valeriep/8157579/webrev.00/
No new test as it's covered by existing regression test.
Thanks,
Valerie
