RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes

Matthias Baesken mbaesken at openjdk.org
Wed Jul 20 06:52:02 UTC 2022

On Tue, 19 Jul 2022 20:37:09 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> None of the 3 proposed error codes in this PR is in the standard PKCS#11 header files - two of them are vendor specific. For vendor specific error code, such direct mapping may be incorrect. As for CKR_COPY_PROHIBITED, I can't find any reference in your cited PKCS#11 spec above. Do you have other standard source for it?

Hi Valerie, yes 0xCE534351L and 0xCE534352L are vendor specific but I added them because we got those  (well the first one) in our jtreg test (please see JDK-8282538 for a detailled description,  we got the same on RHEL9 instead of CentOS). So they are rather common errors on Linux I think and it would be nice to have them.
The  CKR_COPY_PROHIBITED  seems to be deprecated, see this discussion  https://lists.oasis-open.org/archives/pkcs11/201306/msg00073.html  ;  so maybe we do not need it any more these days.
The older documentation still mentions it http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.html  .


PR: https://git.openjdk.org/jdk/pull/9555

More information about the security-dev mailing list