RFR: 8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
Martin Balao
mbalao at openjdk.java.net
Tue May 18 03:20:53 UTC 2021
On Tue, 4 May 2021 23:25:16 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Hi,
>>
>> Please find in this PR a proposal to fix JDK-8265462 [1].
>>
>> With this fix, OpenJDK will only use the known slot IDs for the NSS Internal Module. If the NSS Internal Module has more slots (for example, as a result of an initialization sequence such as the one triggered from the libnsssysinit.so library), they will be ignored. The goal is to handle multiple-slots scenarios while keeping OpenJDK's previous behavior.
>>
>> No regressions observed in the jdk/sun/security/pkcs11 tests category.
>>
>> A new regression test was not added as part of this changeset because of its complexity. It would depend on a specific NSS configuration, or the NSS library would need to be mocked. I've done manual testing in my environment and JDK-8265462 [1] has further information about it.
>>
>> Thanks,
>> Martin.-
>>
>> --
>> [1] - https://bugs.openjdk.java.net/browse/JDK-8265462
>
> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/j2secmod.h line 78:
>
>> 76:
>> 77: /* represent a pkcs#11 slot reference counted. */
>> 78: struct PK11SlotInfoStr {
>
> nit: add which nss header this is from.
Good
> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/j2secmod.h line 166:
>
>> 164: };
>> 165:
>> 166: struct SECMODModuleStr {
>
> Same nit: add which nss header this is from.
Good. Done for every structure there
-------------
PR: https://git.openjdk.java.net/jdk/pull/3661
More information about the security-dev
mailing list