RFR: 8356087: Problematic KeyInfo check using key algorithm in P11SecretKeyFactory class [v2]
Valerie Peng
valeriep at openjdk.org
Wed May 7 22:43:10 UTC 2025
> In the PR for JDK-8348732 "SunJCE and SunPKCS11 have different PBE key encodings", the `P11SecretKeyFactory.convertKey(...)` method is refactored to call `getKeyInfo(keyAlgo)` and check that it's not `null`. However, this leads to problems for the `P11Mac` object when it's initialized with a key whose algorithm is not recognized by SunPKCS11 provider. It fails with an unexpected `InvalidKeyException`. Thus, reverting back to the pre-JDK8348732 code and calls `getKeyInfo(keyAlgo)` only when needed.
Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
minor wording changes for test summary.
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/25108/files
- new: https://git.openjdk.org/jdk/pull/25108/files/a4419f5d..0c37d587
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=25108&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=25108&range=00-01
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/25108.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/25108/head:pull/25108
PR: https://git.openjdk.org/jdk/pull/25108
More information about the security-dev
mailing list