[jdk17u-dev] RFR: 8325254: CKA_TOKEN private and secret keys are not necessarily sensitive
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Thu Mar 14 20:09:53 UTC 2024
Hi, this is a second take of #2223, the backport of [JDK-8325254: CKA_TOKEN private and secret keys are not necessarily sensitive](https://bugs.openjdk.org/browse/JDK-8325254), backed out by #2249.
Even though the original patch applies cleanly to 17u, it introduces a dependency on `P11Util::isNSS()` from [JDK-8301553: Support Password-Based Cryptography in SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553).
I only picked the `P11Util::isNSS()` changes since the whole PBE patch would require a deeper assessment and testing.
### Testing
* Build `linux-x86_64-server-release` and `linux-x86_64-server-slowdebug`
* Locally execute _SunPKCS11_ tests (`test/jdk/sun/security/pkcs11`) in both builds
* Ensure all the patched lines have coverage by attaching a debugger during the execution
* Locally execute `jdk:tier1` in both builds
* Review GitHub Actions from [run 8285374490 on `backport-8325254 at franferrax/jdk17u-dev`](https://github.com/franferrax/jdk17u-dev/actions/runs/8285374490)
* The only failure is due to [JDK-8326960: GHA: RISC-V linux-cross-compile is failing](https://bugs.openjdk.org/browse/JDK-8326960)
Regards,\
Francisco
-------------
Commit messages:
- Backport 0f5f3c9b9718c610406088327401210486447462
Changes: https://git.openjdk.org/jdk17u-dev/pull/2299/files
Webrev: https://webrevs.openjdk.org/?repo=jdk17u-dev&pr=2299&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8325254
Stats: 18 lines in 3 files changed: 10 ins; 4 del; 4 mod
Patch: https://git.openjdk.org/jdk17u-dev/pull/2299.diff
Fetch: git fetch https://git.openjdk.org/jdk17u-dev.git pull/2299/head:pull/2299
PR: https://git.openjdk.org/jdk17u-dev/pull/2299
More information about the jdk-updates-dev
mailing list