RFR 8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
Martin Balao
mbalao at redhat.com
Tue Aug 4 21:03:40 UTC 2020
Hi,
I'd like to propose a fix for 8251117 [1], on behalf of Zdenek Zambersky
(Red Hat employee - OCA signed).
Webrev.00:
* http://cr.openjdk.java.net/~mbalao/webrevs/8251117/8251117.webrev.00/
As noted in the ticket [1], the fix is about using P11Key::length method
for retrieving P11Key sizes when initializing P11Cipher and
P11AEADCipher instances. By doing that, we avoid NullPointerExceptions
that happens when the P11Key is CKA_SENSITIVE and cannot be extracted in
plain (this is the case for NSS software token keys configured in FIPS
mode).
I found no regressions in sun/security/pkcs11 tests. I've also done
manual testing in my NSS-FIPS environment.
Thanks,
Martin.-
--
[1] - https://bugs.openjdk.java.net/browse/JDK-8251117
More information about the security-dev
mailing list