RFR: 8349849: PKCS11 SunTlsKeyMaterial crashes when used with TLS1.2 TlsKeyMaterialParameterSpec
Daniel Jeliński
djelinski at openjdk.org
Thu Feb 13 18:35:13 UTC 2025
On Thu, 13 Feb 2025 18:12:52 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Please review this trivial fix that ensures that the mechanism always matches the parameter class type.
>>
>> I added a new test case that crashes without the fix, passes with the fix. Existing tier1-3 test cases continue to pass.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java line 122:
>
>> 120: } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
>> 121: mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
>> 122: } else if (tlsVersion == 0x0303) {
>
> Should TLS 1.2 also use CKM_TLS12_KEY_AND_MAC_DERIVE?
TLS 1.2 is version 3.3.
The versions are:
SSL 3.0 - 3.0
TLS 1.0 - 3.1
TLS 1.1 - 3.2
TLS 1.2 - 3.3
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955032712
More information about the security-dev
mailing list