Re: [13] RFR JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support

Fri, 24 May 2019 15:38:00 -0700 

Hi Sean,
Thanks much for the suggestion. I have added the info on newly supported algorithms to both the CSR and the bug record. Please let me know if you have more comments. 

All,


RFEs need to be integrated by 6/13. Can someone help reviewing this 
soon? Mach5 run is clean. I up'ed the version of webrev to webrev.01 due 
to the additional support for RSASSA-PSS signatures.


RFE: https://bugs.openjdk.java.net/browse/JDK-8080462
CSR: https://bugs.openjdk.java.net/browse/JDK-8221442
Webrev: http://cr.openjdk.java.net/~valeriep/8080462/webrev.01/

Thanks,
Valerie

On 5/22/2019 7:55 AM, Sean Mullan wrote:

On 5/21/19 7:19 PM, Valerie Peng wrote:



I thought we always file CSR when updating the version of external 
standard, e.g. documenting the import aspect of JDK.



Good point though I think that was primarily based on whether the 
external standard was referenced in the javadocs of the standard APIs 
or influenced the behavior of existing APIs in some way. I don't think 
PKCS#11 is referenced from any of our standard APIs, but since this 
new version does add support for additional crypto algorithms via the 
standard APIs that weren't previously available, that sounds like a 
good enough reason for filing the CSR.



I would recommend adding some additional details to the CSR to list 
what new features/algorithms PKCS#11 v2.40 provides and which standard 
APIs those features are applicable to. It would also be helpful to add 
similar details to the main issue and the release note as there aren't 
many details about what features are in the new version.


Thanks,
Sean



I'd love to close/withdraw the CSR if it's not needed.

Thanks,
Valerie
On 5/20/2019 12:11 PM, Sean Mullan wrote:

On 5/17/19 3:56 PM, Valerie Peng wrote:



Thanks Martin for helping me troubleshoot NSS side, I added PSS 
support into PKCS11 provider and added PSS-specific regression 
tests. Please find webrev updated as below:


http://cr.openjdk.java.net/~valeriep/8080462/webrev.01/


Can someone help review the CSR first as the approval may take a 
week or so.



I am curious why a CSR is needed? This seems to be strictly an 
implementation change with no compatibility effects.


--Sean



Thanks,
Valerie
On 4/12/2019 5:05 PM, Valerie Peng wrote:



Anyone has time to review this? Besides the header files update, I 
added support for AES/GCM/NoPadding support. Ran into some strange 
NSS error with RSASSA-PSS signature mechanism, so I have not 
included the PSS signature impl here.


RFE: https://bugs.openjdk.java.net/browse/JDK-8080462

Webrev: http://cr.openjdk.java.net/~valeriep/8080462/webrev.00/

CSR: https://bugs.openjdk.java.net/browse/JDK-8221442

Thanks,
Valerie
























					Reply via email to