RFR: 8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files [v2]

Valerie Peng valeriep at openjdk.java.net
Wed Nov 4 04:24:57 UTC 2020


On Tue, 3 Nov 2020 16:58:45 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> 
> 
> https://github.com/openjdk/jdk/blob/0b37b821a10325d9083c23130e4b8921812ed9c5/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java#L54
> 
> I cannot add comments to unchanged lines in PKCS11Constants.java (there's no + sign on the line numbers), but the class-level comment (starting from line 56) can also be enhanced a little.

Sure, I will update them as well.
 
>     1. CK_SESSION_HANDLE appears twice.
> 
>     2. The following appears in pkcs11t.h and I wonder if they can also be added here:
> 
> 
> ```
> typedef CK_ULONG CK_OTP_PARAM_TYPE;
> typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */
> typedef CK_ULONG CK_GENERATOR_FUNCTION;
> typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;
> typedef CK_ULONG CK_CERTIFICATE_CATEGORY;
> typedef CK_ULONG CK_PROFILE_ID;
> typedef CK_ULONG CK_PRF_DATA_TYPE;
> typedef CK_MECHANISM_TYPE CK_SP800_108_PRF_TYPE;
> typedef CK_ULONG CK_SP800_108_DKM_LENGTH_METHOD;
> typedef CK_ULONG CK_X3DH_KDF_TYPE;
> typedef CK_ULONG CK_X2RATCHET_KDF_TYPE;
> typedef CK_ULONG CK_XEDDSA_HASH_TYPE;
> ```
> 
> I also found 2 bugs in pkcs11t.h. `CK_GCM_MESSAGE_PARAMS_PTR` and `CK_CCM_MESSAGE_PARAMS_PTR` are not defined as `CK_PTR` of their corresponding data types. Maybe you can report this to upstream?

Right, these two looks wrongly defined. I will send a comment about this to the Oasic PKCS11 TC.
Thanks~

-------------

PR: https://git.openjdk.java.net/jdk/pull/917



More information about the security-dev mailing list