[jdk11u-dev] RFR: 8331959: Update PKCS#11 Cryptographic Token Interface to v3.1
Andrew John Hughes
andrew at openjdk.org
Tue Mar 25 15:36:27 UTC 2025
On Fri, 20 Dec 2024 09:26:54 GMT, Antonio Vieiro <duke at openjdk.org> wrote:
> Clean backport of [JDK-8331959](https://bugs.openjdk.org/browse/JDK-8331959) for parity with Oracle's 11.0.27.
> This adds some new constants and typedefs, and minor formatting of the license file.
> Passes tier1 tests on Linux.
Change seems low risk. Update is a minor revision of the PKCS#11 header files. There are a lot of stylistic changes that make the actual changes hard to see, but it is basically adding a few new definitions and structs. I can't see this causing any issue, but could facilitate support for new algorithms in the PKCS#11 provider.
Key part is:
~~~~
+#define CKM_IKE2_PRF_PLUS_DERIVE 0x0000402eUL
+#define CKM_IKE_PRF_DERIVE 0x0000402fUL
+#define CKM_IKE1_PRF_DERIVE 0x00004030UL
+#define CKM_IKE1_EXTENDED_DERIVE 0x00004031UL
+#define CKM_HSS_KEY_PAIR_GEN 0x00004032UL
+#define CKM_HSS 0x00004033UL
~~~~
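Review bot: the six values in this excerpt run contiguously from 0x0000402eUL to 0x00004033UL, with CKM_IKE_PRF_DERIVE (0x0000402fUL) sitting between the IKE2 and IKE1 entries, so each one should be checked against the published PKCS#11 v3.1 header. A value that is off by one would name a different mechanism to the token. The lines shown add header definitions only. Nothing here shows the provider's Java side naming these mechanisms, so the approval request should say whether the backport is meant to stop at the header.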
and related structs.
Incidentally, these kinds of concerns - stability, risk, etc. - should be the subject of the approval request. I don't regard "parity with Oracle" as sufficient reason alone for approval. Please bear that in mind for future requests.
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/2979#issuecomment-2751675143