RFR: 8356087: Problematic KeyInfo check using key algorithm in P11SecretKeyFactory class [v2]
Weijun Wang
weijun at openjdk.org
Tue May 13 00:14:50 UTC 2025
On Wed, 7 May 2025 22:43:10 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> In the PR for JDK-8348732 "SunJCE and SunPKCS11 have different PBE key encodings", the `P11SecretKeyFactory.convertKey(...)` method is refactored to call `getKeyInfo(keyAlgo)` and check that it's not `null`. However, this leads to problems for the `P11Mac` object when it's initialized with a key whose algorithm is not recognized by SunPKCS11 provider. It fails with an unexpected `InvalidKeyException`. Thus, reverting back to the pre-JDK8348732 code and calls `getKeyInfo(keyAlgo)` only when needed.
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> minor wording changes for test summary.
Marked as reviewed by weijun (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/25108#pullrequestreview-2834967673
More information about the security-dev
mailing list