[jdk17u-dev] Integrated: 8325254: CKA_TOKEN private and secret keys are not necessarily sensitive

[Francisco Ferrari Bihurriet]

On Thu, 14 Mar 2024 20:05:23 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:

> Hi, this is a second take of #2223, the backport of [JDK-8325254: CKA_TOKEN private and secret keys are not necessarily sensitive](https://bugs.openjdk.org/browse/JDK-8325254), backed out by #2249.
> 
> Even though the original patch applies cleanly to 17u, it introduces a dependency on `P11Util::isNSS()` from [JDK-8301553: Support Password-Based Cryptography in SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553).
> 
> I only picked the `P11Util::isNSS()` changes since the whole PBE patch would require a deeper assessment and testing.
> 
> ### Testing
> 
> * Build `linux-x86_64-server-release` and `linux-x86_64-server-slowdebug`
> * Locally execute _SunPKCS11_ tests (`test/jdk/sun/security/pkcs11`) in both builds
>     * Ensure all the patched lines have coverage by attaching a debugger during the execution
> * Locally execute `jdk:tier1` in both builds
> * Review GitHub Actions from [run 8285374490 on `backport-8325254 at franferrax/jdk17u-dev`](https://github.com/franferrax/jdk17u-dev/actions/runs/8285374490)
>     * The only failure is due to [JDK-8326960: GHA: RISC-V linux-cross-compile is failing](https://bugs.openjdk.org/browse/JDK-8326960)
> 
> Regards,\
> Francisco

This pull request has now been integrated.

Changeset: d29fe03c
Author:    Francisco Ferrari Bihurriet <fferrari at openjdk.org>
Committer: Martin Balao <mbalao at openjdk.org>
URL:       https://git.openjdk.org/jdk17u-dev/commit/d29fe03c812c3665c88593d0a333d96a83d7ed76
Stats:     18 lines in 3 files changed: 10 ins; 4 del; 4 mod

8325254: CKA_TOKEN private and secret keys are not necessarily sensitive

Reviewed-by: mbalao
Backport-of: 0f5f3c9b9718c610406088327401210486447462

-------------

PR: https://git.openjdk.org/jdk17u-dev/pull/2299