RFR: 8255409: Support the new APIs in PKCS#11 v3.0
Valerie Peng
valeriep at openjdk.java.net
Wed Dec 1 21:49:40 UTC 2021
PKCS#11 v3.0 adds the support for several new APIs. For this particular RFE, it enhances SunPKCS11 provider to load PKCS#11 provider by first trying the C_GetInterface (new in 3.0) before the C_GetFunctionList assuming not explicitly specified in config. In addition, PKCS#11 v3.0 defines a new API for cancelling session operations, so I've also updated various classes to call this new API if the PKCS#11 library version is 3.0. Otherwise, these classes will try to cancel by finishing off current operations as before. The support for the new C_LoginUser() has not been tested, so I commented it out for now. Given the current release schedule, support for other new PKCS#11 APIs (such as message-based ones and parameters structure) and options for C_GetInterface (if needed) will be handled later.
I validated the current changes against different NSS releases (supports PKCS#11 v2.40 and v3..0 respectively) with existing regression tests.
Thanks,
Valerie
-------------
Commit messages:
- 8255409: Support the new APIs in PKCS#11 v3.0
Changes: https://git.openjdk.java.net/jdk/pull/6655/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6655&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8255409
Stats: 706 lines in 17 files changed: 552 ins; 17 del; 137 mod
Patch: https://git.openjdk.java.net/jdk/pull/6655.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/6655/head:pull/6655
PR: https://git.openjdk.java.net/jdk/pull/6655
More information about the security-dev
mailing list