RFR: 8349849: PKCS11 SunTlsKeyMaterial crashes when used with TLS1.2 TlsKeyMaterialParameterSpec
Bradford Wetmore
wetmore at openjdk.org
Thu Feb 13 20:13:10 UTC 2025
On Thu, 13 Feb 2025 19:37:39 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java line 124:
>>
>>> 122: } else if (tlsVersion == 0x0303) {
>>> 123: mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
>>> 124: }
>>
>> So this hasn't worked since the TLSv1.2 support was added in 2018? Ouch!
>>
>> I wonder if how many are using PKCS11 for TLS. Seems like this should have been found earlier.
>>
>> Double check with @valeriepeng , but looks ok to me...
>
> It's not that bad, the crash only happens when you (mis-)use SunTlsKeyMaterial instead of SunTls12KeyMaterial with TLS 1.2. JSSE uses the correct one. I only hit this bug when experimenting with tests.
Whew...thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955151548
More information about the security-dev
mailing list