On Tue, 4 May 2021 22:24:36 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Hi, >> >> Please find in this PR a proposal to fix JDK-8265462 [1]. >> >> With this fix, OpenJDK will only use the known slot IDs for the NSS Internal >> Module. If the NSS Internal Module has more slots (for example, as a result >> of an initialization sequence such as the one triggered from the >> libnsssysinit.so library), they will be ignored. The goal is to handle >> multiple-slots scenarios while keeping OpenJDK's previous behavior. >> >> No regressions observed in the jdk/sun/security/pkcs11 tests category. >> >> A new regression test was not added as part of this changeset because of its >> complexity. It would depend on a specific NSS configuration, or the NSS >> library would need to be mocked. I've done manual testing in my environment >> and JDK-8265462 [1] has further information about it. >> >> Thanks, >> Martin.- >> >> -- >> [1] - https://bugs.openjdk.java.net/browse/JDK-8265462 > > src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Secmod.java line 81: > >> 79: >> 80: private final static int FIPS_SLOT_ID = 0x3; >> 81: > > Add a comment on where these are defined in native side, i.e. which sunpkcs11 > header file as well as the NSS header just in case? Good, will add references to both > src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Secmod.java line > 415: > >> 413: } else { >> 414: throw new RuntimeException("Unexpected slot ID in >> the" + >> 415: " NSS Internal Module"); > > Add the slot ID to the exception message? Good idea ------------- PR: https://git.openjdk.java.net/jdk/pull/3661
