RFR: 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token
Daniel Jeliński
djelinski at openjdk.org
Thu Mar 21 06:35:19 UTC 2024
On Wed, 20 Mar 2024 03:39:58 GMT, Martin Balao <mbalao at openjdk.org> wrote:
> Hi,
>
> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token". See more details in the JBS ticket [1].
>
> No regressions observed in jdk/sun/security/pkcs11.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.org/browse/JDK-8328556
Would it be possible to add a regression test for this? I think you should be able to trigger a failure by calculating a HMAC using the same key two times.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18389#issuecomment-2011311294
More information about the security-dev
mailing list