JDK-8244154 : Update SunPKCS11 provider with PKCS11 v3.0 header files
Type:Enhancement
Component:security-libs
Sub-Component:javax.crypto:pkcs11
Priority:P3
Status:Resolved
Resolution:Fixed
OS:generic
CPU:generic
Submitted:2020-04-29
Updated:2024-11-20
Resolved:2020-12-01
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
PKCS#11 v3.0 is currently in the works.
http://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html
Track and consider supporting this in JDK.
Comments
Fix Request [8u]
Please consider this backport to jdk8u for parity with Oracle 8u291.
8u review thread: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-July/014124.html
29-07-2021
Fix request (15u)
Requesting backport for parity with 11u, applies cleanly.
19-05-2021
Fix request (13u)
Requesting backport for parity with 11u, applies cleanly.
19-05-2021
Fix Request
Should get backported for parity with 11.0.11-oracle. Applies cleanly.
Changed the synopsis accordingly to match the changes.
26-10-2020
SHA-3 support for PKCS#11 is already tracked under https://bugs.openjdk.java.net/browse/JDK-8242332 and maybe done in JDK 16.
26-10-2020
Will need to do this in at least three steps:
1) update the PKCS#11 v3.0 headers
2) add additional support (time permits)
3) support the new PKCS#11 v3.0 new APIs
This RFE will address the 1). Depending on release cycle, 2) maybe handled under separate RFEs since RFE work can only be done until RPD1 which is approaching in a month and CSR is required.
26-10-2020
Presentation from Valerie Fenwick on PKCS#3.0: https://icmconference.org/wp-content/uploads/C22a-Fenwick.pdf
18-08-2020
PKCS#11 v3.0 become an OASIS standard on 15 June 2020: https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html
Note that the correct header files are at the github repository instead of the usual published path (see below):
--------------------
ALERT: Due to a clerical error when publishing the Committee Specification, the header files listed above are outdated and may contain serious flaws. The TC is addressing this in the next round of edits. Meanwhile, users of the standard can find the correct header files at https://github.com/oasis-tcs/pkcs11/tree/master/working/3-00-current.
----------------------