On Fri, 23 Apr 2021 19:32:35 GMT, Martin Balao <mba...@openjdk.org> wrote:
> Hi,
>
> Please find in this PR a proposal to fix JDK-8265462 [1].
>
> With this fix, OpenJDK will only use the known slot IDs for the NSS Internal
> Module. If the NSS Internal Module has more slots (for example, as a result
> of an initialization sequence such as the one triggered from the
> libnsssysinit.so library), they will be ignored. The goal is to handle
> multiple-slots scenarios while keeping OpenJDK's previous behavior.
>
> No regressions observed in the jdk/sun/security/pkcs11 tests category.
>
> A new regression test was not added as part of this changeset because of its
> complexity. It would depend on a specific NSS configuration, or the NSS
> library would need to be mocked. I've done manual testing in my environment
> and JDK-8265462 [1] has further information about it.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8265462

Here are some comments. Rest looks fine.
Thanks.
Valerie

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Secmod.java line 81:

> 79:
> 80: private final static int FIPS_SLOT_ID = 0x3;
> 81:

Add a comment on where these are defined in native side, i.e. which sunpkcs11 header file as well as the NSS header just in case?

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Secmod.java line 415:

> 413: } else {
> 414: throw new RuntimeException("Unexpected slot ID in the" +
> 415: " NSS Internal Module");

Add the slot ID to the exception message?

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/j2secmod.h line 78:

> 76:
> 77: /* represent a pkcs#11 slot reference counted. */
> 78: struct PK11SlotInfoStr {

nit: add which nss header this is from.

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/j2secmod.h line 166:

> 164: };
> 165:
> 166: struct SECMODModuleStr {

Same nit: add which nss header this is from.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3661