[jdk17u-dev] RFR: 8325254: CKA_TOKEN private and secret keys are not necessarily sensitive
Martin Balao
mbalao at openjdk.org
Thu Mar 14 20:20:41 UTC 2024
On Thu, 14 Mar 2024 20:05:23 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:
> Hi, this is a second take of #2223, the backport of [JDK-8325254: CKA_TOKEN private and secret keys are not necessarily sensitive](https://bugs.openjdk.org/browse/JDK-8325254), backed out by #2249.
>
> Even though the original patch applies cleanly to 17u, it introduces a dependency on `P11Util::isNSS()` from [JDK-8301553: Support Password-Based Cryptography in SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553).
>
> I only picked the `P11Util::isNSS()` changes since the whole PBE patch would require a deeper assessment and testing.
>
> ### Testing
>
> * Build `linux-x86_64-server-release` and `linux-x86_64-server-slowdebug`
> * Locally execute _SunPKCS11_ tests (`test/jdk/sun/security/pkcs11`) in both builds
> * Ensure all the patched lines have coverage by attaching a debugger during the execution
> * Locally execute `jdk:tier1` in both builds
> * Review GitHub Actions from [run 8285374490 on `backport-8325254 at franferrax/jdk17u-dev`](https://github.com/franferrax/jdk17u-dev/actions/runs/8285374490)
> * The only failure is due to [JDK-8326960: GHA: RISC-V linux-cross-compile is failing](https://bugs.openjdk.org/browse/JDK-8326960)
>
> Regards,\
> Francisco
Looks good to me.
-------------
Marked as reviewed by mbalao (Reviewer).
PR Review: https://git.openjdk.org/jdk17u-dev/pull/2299#pullrequestreview-1937645346
More information about the jdk-updates-dev
mailing list