RFR 8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher

Valerie Peng valerie.peng at oracle.com
Fri Aug 7 21:30:02 UTC 2020


Sure, looks fine to me as well.

Thanks,

Valerie

On 8/4/2020 2:03 PM, Martin Balao wrote:
> Hi,
>
> I'd like to propose a fix for 8251117 [1], on behalf of Zdenek Zambersky
> (Red Hat employee - OCA signed).
>
> Webrev.00:
>
>   * http://cr.openjdk.java.net/~mbalao/webrevs/8251117/8251117.webrev.00/
>
> As noted in the ticket [1], the fix is about using P11Key::length method
> for retrieving P11Key sizes when initializing P11Cipher and
> P11AEADCipher instances. By doing that, we avoid NullPointerExceptions
> that happens when the P11Key is CKA_SENSITIVE and cannot be extracted in
> plain (this is the case for NSS software token keys configured in FIPS
> mode).
>
> I found no regressions in sun/security/pkcs11 tests. I've also done
> manual testing in my NSS-FIPS environment.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8251117
>


More information about the security-dev mailing list