Add temporary OpenJCEPlusInternal provider for phase 1#31
Draft
taoliult wants to merge 1 commit into
Draft
Conversation
This change introduces OpenJCEPlusInternal as a temporary provider with a runtime-generated provider name. The generated suffix helps discourage applications from coding directly to the provider name while still allowing the provider to be inserted early in the provider list. For phase 1, register only a small set of low-risk and commonly used algorithms. The initial set is limited to MessageDigest, Mac, and SecureRandom services to reduce compatibility risk and simplify validation. This narrower provider surface lowers the chance of behavior changes that can occur when higher-risk services, such as Cipher, Signature, KeyAgreement, KeyFactory, and KeyPairGenerator, are moved earlier in provider selection. The temporary provider is intended to support a staged transition toward broader OpenJCEPlus enablement by default while keeping the first step small and easier to validate. Signed-off-by: Tao Liu <tao.liu@ibm.com>
taoliult
force-pushed
the
main_TempProvider
branch
from
2bb9b73 to
dd8031e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change introduces OpenJCEPlusInternal as a temporary provider with a runtime-generated provider name. The generated suffix helps discourage applications from coding directly to the provider name while still allowing the provider to be inserted early in the provider list.
For phase 1, register only a small set of low-risk and commonly used algorithms. The initial set is limited to MessageDigest, Mac, and SecureRandom services to reduce compatibility risk and simplify validation.
This narrower provider surface lowers the chance of behavior changes that can occur when higher-risk services, such as Cipher, Signature, KeyAgreement, KeyFactory, and KeyPairGenerator, are moved earlier in provider selection.
The temporary provider is intended to support a staged transition toward broader OpenJCEPlus enablement by default while keeping the first step small and easier to validate.