RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes
Matthias Baesken
mbaesken at openjdk.org
Wed Jul 20 06:52:02 UTC 2022
On Tue, 19 Jul 2022 20:37:09 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> None of the 3 proposed error codes in this PR is in the standard PKCS#11 header files - two of them are vendor specific. For vendor specific error code, such direct mapping may be incorrect. As for CKR_COPY_PROHIBITED, I can't find any reference in your cited PKCS#11 spec above. Do you have other standard source for it?
Hi Valerie, yes 0xCE534351L and 0xCE534352L are vendor specific but I added them because we got those (well the first one) in our jtreg test (please see JDK-8282538 for a detailled description, we got the same on RHEL9 instead of CentOS). So they are rather common errors on Linux I think and it would be nice to have them.
The CKR_COPY_PROHIBITED seems to be deprecated, see this discussion https://lists.oasis-open.org/archives/pkcs11/201306/msg00073.html ; so maybe we do not need it any more these days.
The older documentation still mentions it http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.html .
-------------
PR: https://git.openjdk.org/jdk/pull/9555
More information about the security-dev
mailing list