[13] RFR JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
Valerie Peng
valerie.peng at oracle.com
Fri May 24 22:37:29 UTC 2019
Hi Sean,
Thanks much for the suggestion. I have added the info on newly supported
algorithms to both the CSR and the bug record. Please let me know if you
have more comments.
All,
RFEs need to be integrated by 6/13. Can someone help reviewing this
soon? Mach5 run is clean. I up'ed the version of webrev to webrev.01 due
to the additional support for RSASSA-PSS signatures.
RFE: https://bugs.openjdk.java.net/browse/JDK-8080462
CSR: https://bugs.openjdk.java.net/browse/JDK-8221442
Webrev: http://cr.openjdk.java.net/~valeriep/8080462/webrev.01/
Thanks,
Valerie
On 5/22/2019 7:55 AM, Sean Mullan wrote:
> On 5/21/19 7:19 PM, Valerie Peng wrote:
>>
>> I thought we always file CSR when updating the version of external
>> standard, e.g. documenting the import aspect of JDK.
>
> Good point though I think that was primarily based on whether the
> external standard was referenced in the javadocs of the standard APIs
> or influenced the behavior of existing APIs in some way. I don't think
> PKCS#11 is referenced from any of our standard APIs, but since this
> new version does add support for additional crypto algorithms via the
> standard APIs that weren't previously available, that sounds like a
> good enough reason for filing the CSR.
>
> I would recommend adding some additional details to the CSR to list
> what new features/algorithms PKCS#11 v2.40 provides and which standard
> APIs those features are applicable to. It would also be helpful to add
> similar details to the main issue and the release note as there aren't
> many details about what features are in the new version.
>
> Thanks,
> Sean
>
>>
>> I'd love to close/withdraw the CSR if it's not needed.
>>
>> Thanks,
>> Valerie
>> On 5/20/2019 12:11 PM, Sean Mullan wrote:
>>> On 5/17/19 3:56 PM, Valerie Peng wrote:
>>>>
>>>> Thanks Martin for helping me troubleshoot NSS side, I added PSS
>>>> support into PKCS11 provider and added PSS-specific regression
>>>> tests. Please find webrev updated as below:
>>>>
>>>> http://cr.openjdk.java.net/~valeriep/8080462/webrev.01/
>>>>
>>>> Can someone help review the CSR first as the approval may take a
>>>> week or so.
>>>
>>> I am curious why a CSR is needed? This seems to be strictly an
>>> implementation change with no compatibility effects.
>>>
>>> --Sean
>>>
>>>>
>>>> Thanks,
>>>> Valerie
>>>> On 4/12/2019 5:05 PM, Valerie Peng wrote:
>>>>>
>>>>> Anyone has time to review this? Besides the header files update, I
>>>>> added support for AES/GCM/NoPadding support. Ran into some strange
>>>>> NSS error with RSASSA-PSS signature mechanism, so I have not
>>>>> included the PSS signature impl here.
>>>>>
>>>>> RFE: https://bugs.openjdk.java.net/browse/JDK-8080462
>>>>>
>>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8080462/webrev.00/
>>>>>
>>>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8221442
>>>>>
>>>>> Thanks,
>>>>> Valerie
>>>>>
>>>>>
More information about the security-dev
mailing list