RFR: 8335288: SunPKCS11 initialization will call C_GetMechanismInfo on unsupported mechanisms

Martin Balao mbalao at openjdk.org
Tue Aug 6 22:45:34 UTC 2024


On Tue, 6 Aug 2024 22:27:36 GMT, Martin Balao <mbalao at openjdk.org> wrote:

>> Can someone help review this fix? Changed the required-mechanism check by checking if the particular mechanism is inside the list of enabled supported mechanisms. This should be more reliable than calling C_GetMechanismInfo(..) on the required mechanism given vendors may return various sorts of error codes.
>> 
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java line 1297:
> 
>> 1295:                 new HashMap<Descriptor,Integer>();
>> 1296: 
>> 1297:         for (long longMech : supportedMechanisms) {
> 
> Is the code under `if (!config.isEnabled(longMech)) {` still needed? Looks to me that we will be iterating over enabled mechanisms now.

Just for the record, I want to note that we will no longer be showing information about supported but disabled mechanisms here.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20207#discussion_r1706184243


