[8u] RFR 8080462: Update SunPKCS11 provider with PKCS11 v2.40 support

David Alvarez alvdavi at amazon.com
Thu Dec 5 23:05:43 UTC 2019


Also, we have 8228835 [1], fixing a memory leak introduced by 8080462.

David

--
[1] https://bugs.openjdk.java.net/browse/JDK-8228835

On 2019-11-29 02:56, Severin Gehwolf wrote:
> Hi,
> 
> On Tue, 2019-11-19 at 16:55 -0300, Martin Balao wrote:
>> Hi,
>>
>> I'd like to request a review for the 8u backport of 8080462 [1].
>>
>> Webrev.00:
>>
>>  *
>> http://cr.openjdk.java.net/~mbalao/webrevs/8080462/8080462.8u.jdk.webrev.00/
> 
> Since this backport broke 32-bit builds in jdk/jdk, could you please
> also look at backporting JDK-8225695 to 8u, please?
> 
> Thanks,
> Severin
> 
>> Differences from 11u patch [2]:
>>
>>  * src/share/legal/pkcs11cryptotoken.md
>>   * Does not apply because "8169925: Organize licenses by module in
>> source, JMOD file, and run-time image" [3] is not in 8u.
>>
>>  * src/share/classes/sun/security/pkcs11/SunPKCS11.java
>>   * 6th and 11th hook do not apply cleanly because ECParameters location
>> is "sun.security.ec.ECParameters" in 8u instead of
>> "sun.security.util.ECParameters"
>>   * 8th hook does not apply cleanly because 8042967 [4] is not in 8u.
>>
>>  * src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
>>   * 5th hook does not apply cleanly because toString method uses a
>> StringBuffer instead of a StringBuilder (8041679 [5] is not in 8u).
>>
>>  * src/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
>>   * 1st hook does not apply cleanly because toString method uses a
>> StringBuffer instead of a StringBuilder (8041679 [5] is not in 8u).
>>
>>  * src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c
>>   * 13th hook does no apply cleanly because 8074580 [6] is not in 8u.
>> Manually applied change.
>>
>>  * src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c
>>   * Copyright date.
>>
>>  * src/share/native/sun/security/pkcs11/wrapper/p11_util.c
>>   * Copyright date.
>>
>>  * src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h
>>   * 4th hook does not apply cleanly because 6913047 was backported to 8u
>> without the "//#define P11_DEBUG" line.
>>
>>  * test/sun/security/pkcs11/MessageDigest/ByteBuffers.java
>>   * 1th hook does not apply cleanly because of copyright date.
>>   * 2nd hook do not apply cleanly because 8164639 [7], 8078334 [8],
>> 8172527 [9], 8144539 [10] are not in 8u. Manually applied changes.
>>
>>  * src/share/classes/sun/security/util/GCMParameters.java
>>   * HexDumpEncoder is sun.misc.HexDumpEncoder in 8u (instead of
>> sun.security.util.HexDumpEncoder)
>>
>>  * src/share/classes/sun/security/pkcs11/P11PSSSignature.java
>>   * PSSParameterSpec.TRAILER_FIELD_BC does not exist in 8u because
>> 8146293 [11] has not been backported. Added a private field in
>> P11PSSSignature with the constant.
>>
>>  * test/sun/security/pkcs11/Cipher/TestKATForGCM.java
>>  * test/sun/security/pkcs11/Cipher/Test4512704.java
>>  * test/sun/security/pkcs11/Cipher/TestCICOWithGCM.java
>>  * test/sun/security/pkcs11/Cipher/TestCICOWithGCMAndAAD.java
>>  * test/sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java
>>  * test/sun/security/pkcs11/Signature/InitAgainPSS.java
>>  * test/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
>>  * test/sun/security/pkcs11/Signature/SigInteropPSS.java
>>  * test/sun/security/pkcs11/Signature/SignatureTestPSS.java
>>  * test/sun/security/pkcs11/Signature/TestDSA2.java
>>   * @library jtreg header modified to remove "/test/lib"
>>   * 8144539 [12] is not in 8u. Given that the test uses no arguments, I
>> discarded the parameter when calling PKCS11Test::main method.
>>
>>  * test/sun/security/pkcs11/Signature/InitAgainPSS.java
>>   * PSSParameterSpec.TRAILER_FIELD_BC does not exist in 8u because
>> 8146293 [11] has not been backported. Added a private field in
>> InitAgainPSS with the constant.
>>
>>  * make/mapfiles/libj2pkcs11/mapfile-vers
>>   * Added Java_sun_security_pkcs11_wrapper_PKCS11_freeMechanism native
>> method
>>
>>  * test/sun/security/pkcs11/Signature/SigInteropPSS.java
>>   * "java.security.NoSuchAlgorithmException: no such algorithm:
>> RSASSA-PSS for provider SunRsaSign" error.
>>    * This test cannot properly execute because 8146293 [11] is not in
>> 8u. Manually modified to skip unless 8146293 [11] is available.
>>
>>
>> Testing
>>
>>  * No regressions have been observed in sun/security/pkcs11 category
>>
>>  * All new tests (introduced by this enhancement) pass
>>   * Note: SigInteropPSS is skipped for the reasons previously stated
>>
>> Thanks,
>> Martin.-
>>
>> --
>> [1] - https://bugs.openjdk.java.net/browse/JDK-8080462
>> [2] - https://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/8bac0ba1d5ce
>> [3] - https://bugs.openjdk.java.net/browse/JDK-8169925
>> [4] - https://bugs.openjdk.java.net/browse/JDK-8042967
>> [5] - https://bugs.openjdk.java.net/browse/JDK-8041679
>> [6] - https://bugs.openjdk.java.net/browse/JDK-8074580
>> [7] - https://bugs.openjdk.java.net/browse/JDK-8164639
>> [8] - https://bugs.openjdk.java.net/browse/JDK-8078334
>> [9] - https://bugs.openjdk.java.net/browse/JDK-8172527
>> [10] - https://bugs.openjdk.java.net/browse/JDK-8144539
>> [11] - https://bugs.openjdk.java.net/browse/JDK-8146293
>> [12] - https://bugs.openjdk.java.net/browse/JDK-8144539
>>
> 


More information about the jdk8u-dev mailing list