Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 23
Affects Version/s: 8, 11, 17, 21
Component/s: security-libs
Labels:

Subcomponent:
javax.crypto:pkcs11
Resolved In Build:
b23
Verification:
Not verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8332590	22.0.2	Prajwal Kumaraswamy	P3	Resolved	Fixed	b08
JDK-8333134	21.0.5-oracle	Prajwal Kumaraswamy	P3	Resolved	Fixed	b01
JDK-8333425	21.0.5	Martin Doerr	P3	Resolved	Fixed	b01
JDK-8333683	17.0.13-oracle	Prajwal Kumaraswamy	P3	Resolved	Fixed	b01
JDK-8333999	17.0.13	Martin Doerr	P3	Resolved	Fixed	b01
JDK-8333708	11.0.25-oracle	Prajwal Kumaraswamy	P3	Resolved	Fixed	b01
JDK-8335175	11.0.25	Martin Doerr	P3	Resolved	Fixed	b01
JDK-8335153	8u431	Prajwal Kumaraswamy	P3	Resolved	Fixed	b01

For Ciphers running through the CKM_AES_GCM SunPKCS11 mechanism - two types of CK_GCM_PARAMS struct are used in order to deal with interoperability issues introduced with PKCS#11 v2.40. (~~JDK-8080462~~/~~JDK-8229243~~)

CK_GCM_PARAMS_NO_IVBITS is attempted first. If that fails, then CK_GCM_PARAMS is attempted.

This is a performance hit since only the 2nd struct is successful in both NSS and Solaris libpkcs11 where PKCS#11 spec version is 2.40 and above.

e.g:
/2: lseek(15, 0x0001B390, SEEK_SET) = 111504
/2: read(15, "85 R m S12 Q18 =97B7 ] p".., 579) = 579
/2@2: -> libpkcs11:C_EncryptInit(0x1005d6770, 0x1007a46a0, 0x1005fa840, 0x0)
/2@2: -> libucrypto:crypto_encrypt_init(0xffffffff7f2eee08, 0xffffffff7f2eee20, 0x0, 0x1005d68b8)
/2@2: <- libucrypto:crypto_encrypt_init() = 29
/2@2: <- libpkcs11:C_EncryptInit() = 113
/2@2: -> libpkcs11:C_EncryptInit(0x1005d6770, 0x1007a46a0, 0x1005fa840, 0x71)
/2@2: -> libucrypto:crypto_encrypt_init(0xffffffff7f2eee08, 0xffffffff7f2eee20, 0x0, 0x1005d68b8)
/2@2: <- libucrypto:crypto_encrypt_init() = 0
/2@2: <- libpkcs11:C_EncryptInit() = 0

backported by

JDK-8332590 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

JDK-8333134 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

JDK-8333425 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

JDK-8333683 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

JDK-8333708 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

JDK-8333999 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

JDK-8335153 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

JDK-8335175 Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

Resolved

relates to

JDK-8229243 SunPKCS11-Solaris provider tests failing on Solaris 11.4

Closed

JDK-8080462 Update SunPKCS11 provider with PKCS11 v2.40 support

Resolved

links to

Commit openjdk/jdk11u-dev/e61adf68

Commit openjdk/jdk17u-dev/d3c1ad34

Commit openjdk/jdk21u-dev/594b3099

Commit openjdk/jdk22u/98362090

Commit openjdk/jdk/7c2c24fc

Review openjdk/jdk11u-dev/2811

Review openjdk/jdk17u-dev/2560

Review openjdk/jdk21u-dev/645

Review openjdk/jdk22u/203

Review openjdk/jdk/18425

(3 backported by, 2 relates to, 10 links to)

Assignee:: Prajwal Kumaraswamy

Reporter:: Sean Coffey

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2021-02-09 04:38

Updated:: 2024-07-10 07:23

Resolved:: 2024-05-13 09:12

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates