On Sun, 5 Dec 2021 05:00:51 GMT, Weijun Wang <[email protected]> wrote:
>> PKCS#11 v3.0 adds the support for several new APIs. For this particular RFE,
>> it enhances SunPKCS11 provider to load PKCS#11 provider by first trying the
>> C_GetInterface (new in 3.0) before the C_GetFunctionList assuming not
>> explicitly specified in config. In addition, PKCS#11 v3.0 defines a new API
>> for cancelling session operations, so I've also updated various classes to
>> call this new API if the PKCS#11 library version is 3.0. Otherwise, these
>> classes will try to cancel by finishing off current operations as before.
>> The support for the new C_LoginUser() has not been tested, so I commented it
>> out for now. Given the current release schedule, support for other new
>> PKCS#11 APIs (such as message-based ones and parameters structure) and
>> options for C_GetInterface (if needed) will be handled later.
>>
>> I validated the current changes against different NSS releases (supports
>> PKCS#11 v2.40 and v3..0 respectively) with existing regression tests.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
> line 405:
>
>> 403: private void cancelOperation() {
>> 404: // cancel operation by finishing it; avoid killSession as some
>> 405: // hardware vendors may require re-login
>
> The new `cancelOperation()` methods seems identical everywhere. Is it
> possible to consolidate it to a helper method like `trySessionCancel(token,
> session, flags)`? It can return true if canceled successfully, false if needs
> a fallback, and can still throw a `ProviderException`.
I assume you mean the if-() block of code? I can move the code into a helper
method inside the P11Util class.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6655
