On Wed, 1 Dec 2021 21:42:51 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> PKCS#11 v3.0 adds the support for several new APIs. For this particular RFE,
> it enhances SunPKCS11 provider to load PKCS#11 provider by first trying the
> C_GetInterface (new in 3.0) before the C_GetFunctionList assuming not
> explicitly specified in config. In addition, PKCS#11 v3.0 defines a new API
> for cancelling session operations, so I've also updated various classes to
> call this new API if the PKCS#11 library version is 3.0. Otherwise, these
> classes will try to cancel by finishing off current operations as before. The
> support for the new C_LoginUser() has not been tested, so I commented it out
> for now. Given the current release schedule, support for other new PKCS#11
> APIs (such as message-based ones and parameters structure) and options for
> C_GetInterface (if needed) will be handled later.
>
> I validated the current changes against different NSS releases (supports
> PKCS#11 v2.40 and v3..0 respectively) with existing regression tests.
>
> Thanks,
> Valerie
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java line 418:
> 416: }
> 417: String word = st.sval;
> 418: switch (word) {
Since every case has a break it's probably better to use the enhanced switch
(`case "x" -> ...;`). It's safer and also saves quite some lines. An IDE can
help you with the conversion.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
line 405:
> 403: private void cancelOperation() {
> 404: // cancel operation by finishing it; avoid killSession as some
> 405: // hardware vendors may require re-login
The new `cancelOperation()` methods seems identical everywhere. Is it possible
to consolidate it to a helper method like `trySessionCancel(token, session,
flags)`? It can return true if canceled successfully, false if needs a
fallback, and can still throw a `ProviderException`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6655
