RFR[14] 8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures.

Xuelei Fan Xuelei.Fan at Oracle.Com
Thu Oct 31 01:28:15 UTC 2019


> On Oct 30, 2019, at 2:00 PM, Anthony Scarpino <anthony.scarpino at oracle.com> wrote:
>> On 10/30/19 1:13 PM, Valerie Peng wrote:
>> Anyone has a minute to review this trivial fix? The supported key size info for the PKCS#11 PSS mechanism should be in bits. The current code treat them as in bytes. This does not cause any existing regression test failure because NSS has a very low value, i.e. 128, as the minimum key size.
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8232950
>> Webrev: http://cr.openjdk.java.net/~valeriep/8232950/webrev.00/
>> Mach5 run passed.
>> Thanks,
>> Valerie
> It looks good to me.
> Tony

More information about the security-dev mailing list