On Mon, 6 Dec 2021 17:24:44 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
>> PKCS#11 v3.0 adds the support for several new APIs. For this particular RFE, >> it enhances SunPKCS11 provider to load PKCS#11 provider by first trying the >> C_GetInterface (new in 3.0) before the C_GetFunctionList assuming not >> explicitly specified in config. In addition, PKCS#11 v3.0 defines a new API >> for cancelling session operations, so I've also updated various classes to >> call this new API if the PKCS#11 library version is 3.0. Otherwise, these >> classes will try to cancel by finishing off current operations as before. >> The support for the new C_LoginUser() has not been tested, so I commented it >> out for now. Given the current release schedule, support for other new >> PKCS#11 APIs (such as message-based ones and parameters structure) and >> options for C_GetInterface (if needed) will be handled later. >> >> I validated the current changes against different NSS releases (supports >> PKCS#11 v2.40 and v3..0 respectively) with existing regression tests. >> >> Thanks, >> Valerie > > src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java > line 275: > >> 273: >> 274: if (token.p11.getVersion().major == 3) { >> 275: long flags = (mode == M_SIGN? CKF_SIGN : CKF_VERIFY); > > I think this is a syntax nit with no space between M_SIGN and '?' Ok, will add the space. ------------- PR: https://git.openjdk.java.net/jdk/pull/6655