[8u] RFR 8080462: Update SunPKCS11 provider with PKCS11 v2.40 support

Hohensee, Paul hohensee at amazon.com
Wed Nov 20 16:07:00 UTC 2019


You define TRAILER_FIELD_BC in two places which may result in future version skew (i.e., one gets updated but the other doesn't). I'd put the 11u PSSParameterSpec definition in 8u instead. That'll be an obvious overlay if 8146293 is backported, imo likely given it seems to be needed for TLS 1.3.

Otherwise good.

Paul

On 11/19/19, 11:57 AM, "jdk8u-dev on behalf of Martin Balao" <jdk8u-dev-bounces at openjdk.java.net on behalf of mbalao at redhat.com> wrote:

    Hi,
    
    I'd like to request a review for the 8u backport of 8080462 [1].
    
    Webrev.00:
    
     * http://cr.openjdk.java.net/~mbalao/webrevs/8080462/8080462.8u.jdk.webrev.00/
    
    Differences from 11u patch [2]:
    
     * src/share/legal/pkcs11cryptotoken.md
      * Does not apply because "8169925: Organize licenses by module in
    source, JMOD file, and run-time image" [3] is not in 8u.
    
     * src/share/classes/sun/security/pkcs11/SunPKCS11.java
      * 6th and 11th hooks do not apply cleanly because ECParameters location
    is "sun.security.ec.ECParameters" in 8u instead of
    "sun.security.util.ECParameters"
      * 8th hook does not apply cleanly because 8042967 [4] is not in 8u.
    
     * src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java
      * 5th hook does not apply cleanly because toString method uses a
    StringBuffer instead of a StringBuilder (8041679 [5] is not in 8u).
    
     * src/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
      * 1st hook does not apply cleanly because toString method uses a
    StringBuffer instead of a StringBuilder (8041679 [5] is not in 8u).
    
     * src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c
      * 13th hook does not apply cleanly because 8074580 [6] is not in 8u.
    Manually applied change.
    
     * src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c
      * Copyright date.
    
     * src/share/native/sun/security/pkcs11/wrapper/p11_util.c
      * Copyright date.
    
     * src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h
      * 4th hook does not apply cleanly because 6913047 was backported to 8u
    without the "//#define P11_DEBUG" line.
    
     * test/sun/security/pkcs11/MessageDigest/ByteBuffers.java
      * 1st hook does not apply cleanly because of copyright date.
      * 2nd hook does not apply cleanly because 8164639 [7], 8078334 [8],
    8172527 [9], 8144539 [10] are not in 8u. Manually applied changes.
    
     * src/share/classes/sun/security/util/GCMParameters.java
      * HexDumpEncoder is sun.misc.HexDumpEncoder in 8u (instead of
    sun.security.util.HexDumpEncoder)
    
     * src/share/classes/sun/security/pkcs11/P11PSSSignature.java
      * PSSParameterSpec.TRAILER_FIELD_BC does not exist in 8u because
    8146293 [11] has not been backported. Added a private field in
    P11PSSSignature with the constant.
    
     * test/sun/security/pkcs11/Cipher/TestKATForGCM.java
     * test/sun/security/pkcs11/Cipher/Test4512704.java
     * test/sun/security/pkcs11/Cipher/TestCICOWithGCM.java
     * test/sun/security/pkcs11/Cipher/TestCICOWithGCMAndAAD.java
     * test/sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java
     * test/sun/security/pkcs11/Signature/InitAgainPSS.java
     * test/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
     * test/sun/security/pkcs11/Signature/SigInteropPSS.java
     * test/sun/security/pkcs11/Signature/SignatureTestPSS.java
     * test/sun/security/pkcs11/Signature/TestDSA2.java
      * @library jtreg header modified to remove "/test/lib"
      * 8144539 [12] is not in 8u. Given that the test uses no arguments, I
    discarded the parameter when calling PKCS11Test::main method.
    
     * test/sun/security/pkcs11/Signature/InitAgainPSS.java
      * PSSParameterSpec.TRAILER_FIELD_BC does not exist in 8u because
    8146293 [11] has not been backported. Added a private field in
    InitAgainPSS with the constant.
    
     * make/mapfiles/libj2pkcs11/mapfile-vers
      * Added Java_sun_security_pkcs11_wrapper_PKCS11_freeMechanism native
    method
    
     * test/sun/security/pkcs11/Signature/SigInteropPSS.java
      * "java.security.NoSuchAlgorithmException: no such algorithm:
    RSASSA-PSS for provider SunRsaSign" error.
       * This test cannot properly execute because 8146293 [11] is not in
    8u. Manually modified to skip unless 8146293 [11] is available.
    
    
    Testing
    
     * No regressions have been observed in sun/security/pkcs11 category
    
     * All new tests (introduced by this enhancement) pass
      * Note: SigInteropPSS is skipped for the reasons previously stated
    
    Thanks,
    Martin.-
    
    --
    [1] - https://bugs.openjdk.java.net/browse/JDK-8080462
    [2] - https://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/8bac0ba1d5ce
    [3] - https://bugs.openjdk.java.net/browse/JDK-8169925
    [4] - https://bugs.openjdk.java.net/browse/JDK-8042967
    [5] - https://bugs.openjdk.java.net/browse/JDK-8041679
    [6] - https://bugs.openjdk.java.net/browse/JDK-8074580
    [7] - https://bugs.openjdk.java.net/browse/JDK-8164639
    [8] - https://bugs.openjdk.java.net/browse/JDK-8078334
    [9] - https://bugs.openjdk.java.net/browse/JDK-8172527
    [10] - https://bugs.openjdk.java.net/browse/JDK-8144539
    [11] - https://bugs.openjdk.java.net/browse/JDK-8146293
    [12] - https://bugs.openjdk.java.net/browse/JDK-8144539
    
    


