JDK-8244154 : Update SunPKCS11 provider with PKCS11 v3.0 header files
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2020-04-29
  • Updated: 2021-08-18
  • Resolved: 2020-12-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 16 JDK 7 JDK 8 Other
11.0.11-oracleFixed 13.0.8Fixed 15.0.4Fixed 16 b27Fixed 7u331Unresolved 8u291Fixed openjdk8u312Fixed
Related Reports
Relates :  
Relates :  
Relates :  
Relates :  
Description
PKCS#11 v3.0 is currently in the works.
http://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html

Track and consider supporting this in JDK.
Comments
Fix Request [8u] Please consider this backport to jdk8u for parity with Oracle 8u291. 8u review thread: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-July/014124.html
29-07-2021

Fix request (15u) Requesting backport for parity with 11u, applies cleanly.
19-05-2021

Fix request (13u) Requesting backport for parity with 11u, applies cleanly.
19-05-2021

Fix Request Should get backported for parity with 11.0.11-oracle. Applies cleanly.
15-01-2021

Changeset: 7d898524 Author: Valerie Peng <valeriep@openjdk.org> Date: 2020-12-01 00:49:39 +0000 URL: https://git.openjdk.java.net/jdk/commit/7d898524
01-12-2020

Changed the synopsis accordingly to match the changes.
26-10-2020

SHA-3 support for PKCS#11 is already tracked under https://bugs.openjdk.java.net/browse/JDK-8242332 and maybe done in JDK 16.
26-10-2020

Will need to do this in at least three steps: 1) update the PKCS#11 v3.0 headers 2) add additional support (time permits) 3) support the new PKCS#11 v3.0 new APIs This RFE will address the 1). Depending on release cycle, 2) maybe handled under separate RFEs since RFE work can only be done until RPD1 which is approaching in a month and CSR is required.
26-10-2020

Presentation from Valerie Fenwick on PKCS#3.0: https://icmconference.org/wp-content/uploads/C22a-Fenwick.pdf
18-08-2020

PKCS#11 v3.0 become an OASIS standard on 15 June 2020: https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html Note that the correct header files are at the github repository instead of the usual published path (see below): -------------------- ALERT: Due to a clerical error when publishing the Committee Specification, the header files listed above are outdated and may contain serious flaws. The TC is addressing this in the next round of edits. Meanwhile, users of the standard can find the correct header files at https://github.com/oasis-tcs/pkcs11/tree/master/working/3-00-current. ----------------------
04-08-2020