RFR: 8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files [v2]

Weijun Wang weijun at openjdk.java.net
Tue Nov 3 17:03:59 UTC 2020


On Mon, 2 Nov 2020 21:33:31 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>>> Just curious, can the Java files be generated during the build process?
>> 
>> Hmm, maybe, by the java files, do you just mean PKCS11Constants class or more? I am not familiar with how to generate Java files during the build process, can you share some pointers? I can look into them for possible future enhancement.
>
> Well, any file that was a rewrite of its C sibling.
> 
> SunEC's finite field arithmetic code is generated in the build process. The generation tool is https://github.com/openjdk/jdk/blob/fd28aad72d3a13fbc2eb13293d40564e471414f3/make/jdk/src/classes/build/tools/intpoly/FieldGen.java#L35 and it's called by https://github.com/openjdk/jdk/blob/1cb7df63e7015da568b67c55a7a4468500ea564d/make/modules/java.base/Gensrc.gmk#L113 and the files are generated in the `$BUILD_OUTPUT/support/gensrc` directory. These files will be automatically merged with the human-written source files in `src` of the same package at build time.

I cannot add comments to unchanged lines in PKCS11Constants.java (there's no + sign on the line numbers), but the class-level comment (starting from line 50) can also be enhanced a little.

1. CK_SESSION_HANDLE appears twice.
2. The following appears in pkcs11t.h and I wonder if they can also be added here:
```
typedef CK_ULONG CK_OTP_PARAM_TYPE;
typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */
typedef CK_ULONG CK_GENERATOR_FUNCTION;
typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;
typedef CK_ULONG CK_CERTIFICATE_CATEGORY;
typedef CK_ULONG CK_PROFILE_ID;
typedef CK_ULONG CK_PRF_DATA_TYPE;
typedef CK_MECHANISM_TYPE CK_SP800_108_PRF_TYPE;
typedef CK_ULONG CK_SP800_108_DKM_LENGTH_METHOD;
typedef CK_ULONG CK_X3DH_KDF_TYPE;
typedef CK_ULONG CK_X2RATCHET_KDF_TYPE;
typedef CK_ULONG CK_XEDDSA_HASH_TYPE;
```

I also found 2 bugs in pkcs11t.h. `CK_GCM_MESSAGE_PARAMS_PTR` and `CK_CCM_MESSAGE_PARAMS_PTR` are not defined as `CK_PTR` of their corresponding data types. Maybe you can report this to upstream?

-------------

PR: https://git.openjdk.java.net/jdk/pull/917
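
The header checks raised in this review (`_PTR` typedefs not declared with `CK_PTR`, alias types missing from a hand-maintained list, and a name listed twice) can be scripted. The following is an added example, not code from the JDK or from the PKCS #11 headers; the sample header text, the `DOCUMENTED` list and all function names are constructed for illustration.

```python
import re

# Constructed sample in the style of pkcs11t.h; not copied from the real header.
SAMPLE_HEADER = """
typedef CK_ULONG CK_PROFILE_ID;
typedef CK_ULONG CK_SESSION_HANDLE;
typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
typedef CK_MECHANISM_TYPE CK_SP800_108_PRF_TYPE;
typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */
typedef struct CK_GCM_MESSAGE_PARAMS {
    CK_BYTE_PTR pIv;
} CK_GCM_MESSAGE_PARAMS;
typedef CK_GCM_MESSAGE_PARAMS CK_GCM_MESSAGE_PARAMS_PTR;
typedef CK_CCM_MESSAGE_PARAMS CK_CCM_MESSAGE_PARAMS_PTR;
"""
# Constructed stand-in for the type names listed in a hand-written comment.
DOCUMENTED = ["CK_SESSION_HANDLE", "CK_MECHANISM_TYPE", "CK_SESSION_HANDLE"]

# Single-statement alias typedefs: typedef <base> [CK_PTR] <name>;
TYPEDEF = re.compile(r"^\s*typedef\s+(\w+)\s+(CK_PTR\s+)?(\w+)\s*;", re.M)

def alias_typedefs(header):
    """Return (base, is_pointer, name) per alias typedef; struct bodies are skipped."""
    text = re.sub(r"/\*.*?\*/", "", header, flags=re.S)  # drop C comments
    return [(m.group(1), bool(m.group(2)), m.group(3)) for m in TYPEDEF.finditer(text)]

def ptr_typedefs_without_ck_ptr(header):
    """Names ending in _PTR that are declared as a plain alias, not a CK_PTR."""
    return [n for _, is_ptr, n in alias_typedefs(header) if n.endswith("_PTR") and not is_ptr]

def undocumented_aliases(header, documented):
    """Non-pointer alias types present in the header but absent from the list."""
    known = set(documented)
    return [n for _, is_ptr, n in alias_typedefs(header)
            if not is_ptr and not n.endswith("_PTR") and n not in known]

def duplicates(names):
    """Names that occur more than once, in first-repeat order."""
    seen, dups = set(), []
    for n in names:
        if n in seen and n not in dups:
            dups.append(n)
        seen.add(n)
    return dups

if __name__ == "__main__":
    print("missing CK_PTR:", ptr_typedefs_without_ck_ptr(SAMPLE_HEADER))
    print("undocumented:  ", undocumented_aliases(SAMPLE_HEADER, DOCUMENTED))
    print("listed twice:  ", duplicates(DOCUMENTED))
```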


