JDK-8244154 : Update SunPKCS11 provider with PKCS11 v3.0 header files
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2020-04-29
  • Updated: 2021-08-18
  • Resolved: 2020-12-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 16 JDK 7 JDK 8 Other
11.0.11-oracleFixed 13.0.8Fixed 15.0.4Fixed 16 b27Fixed 7u331Unresolved 8u291Fixed openjdk8u312Fixed
Related Reports
Relates :  
Relates :  
Relates :  
Relates :  
PKCS#11 v3.0 is currently in the works.

Track and consider supporting this in JDK.
Fix Request [8u] Please consider this backport to jdk8u for parity with Oracle 8u291. 8u review thread: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-July/014124.html

Fix request (15u) Requesting backport for parity with 11u, applies cleanly.

Fix request (13u) Requesting backport for parity with 11u, applies cleanly.

Fix Request Should get backported for parity with 11.0.11-oracle. Applies cleanly.

Changeset: 7d898524 Author: Valerie Peng <valeriep@openjdk.org> Date: 2020-12-01 00:49:39 +0000 URL: https://git.openjdk.java.net/jdk/commit/7d898524

Changed the synopsis accordingly to match the changes.

SHA-3 support for PKCS#11 is already tracked under https://bugs.openjdk.java.net/browse/JDK-8242332 and maybe done in JDK 16.

Will need to do this in at least three steps: 1) update the PKCS#11 v3.0 headers 2) add additional support (time permits) 3) support the new PKCS#11 v3.0 new APIs This RFE will address the 1). Depending on release cycle, 2) maybe handled under separate RFEs since RFE work can only be done until RPD1 which is approaching in a month and CSR is required.

Presentation from Valerie Fenwick on PKCS#3.0: https://icmconference.org/wp-content/uploads/C22a-Fenwick.pdf

PKCS#11 v3.0 become an OASIS standard on 15 June 2020: https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html Note that the correct header files are at the github repository instead of the usual published path (see below): -------------------- ALERT: Due to a clerical error when publishing the Committee Specification, the header files listed above are outdated and may contain serious flaws. The TC is addressing this in the next round of edits. Meanwhile, users of the standard can find the correct header files at https://github.com/oasis-tcs/pkcs11/tree/master/working/3-00-current. ----------------------