[13] RFR JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
Sean Mullan
sean.mullan at oracle.com
Wed May 22 14:55:58 UTC 2019
On 5/21/19 7:19 PM, Valerie Peng wrote:
>
> I thought we always file CSR when updating the version of external
> standard, e.g. documenting the import aspect of JDK.
Good point though I think that was primarily based on whether the
external standard was referenced in the javadocs of the standard APIs or
influenced the behavior of existing APIs in some way. I don't think
PKCS#11 is referenced from any of our standard APIs, but since this new
version does add support for additional crypto algorithms via the
standard APIs that weren't previously available, that sounds like a good
enough reason for filing the CSR.
I would recommend adding some additional details to the CSR to list what
new features/algorithms PKCS#11 v2.40 provides and which standard APIs
those features are applicable to. It would also be helpful to add
similar details to the main issue and the release note as there aren't
many details about what features are in the new version.
Thanks,
Sean
>
> I'd love to close/withdraw the CSR if it's not needed.
>
> Thanks,
> Valerie
> On 5/20/2019 12:11 PM, Sean Mullan wrote:
>> On 5/17/19 3:56 PM, Valerie Peng wrote:
>>>
>>> Thanks Martin for helping me troubleshoot NSS side, I added PSS
>>> support into PKCS11 provider and added PSS-specific regression tests.
>>> Please find webrev updated as below:
>>>
>>> http://cr.openjdk.java.net/~valeriep/8080462/webrev.01/
>>>
>>> Can someone help review the CSR first as the approval may take a week
>>> or so.
>>
>> I am curious why a CSR is needed? This seems to be strictly an
>> implementation change with no compatibility effects.
>>
>> --Sean
>>
>>>
>>> Thanks,
>>> Valerie
>>> On 4/12/2019 5:05 PM, Valerie Peng wrote:
>>>>
>>>> Anyone has time to review this? Besides the header files update, I
>>>> added support for AES/GCM/NoPadding support. Ran into some strange
>>>> NSS error with RSASSA-PSS signature mechanism, so I have not
>>>> included the PSS signature impl here.
>>>>
>>>> RFE: https://bugs.openjdk.java.net/browse/JDK-8080462
>>>>
>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8080462/webrev.00/
>>>>
>>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8221442
>>>>
>>>> Thanks,
>>>> Valerie
>>>>
>>>>
More information about the security-dev
mailing list