Integrated: 8356087: Problematic KeyInfo check using key algorithm in P11SecretKeyFactory class
Valerie Peng
valeriep at openjdk.org
Tue May 13 03:50:03 UTC 2025
On Wed, 7 May 2025 22:24:50 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> In the PR for JDK-8348732 "SunJCE and SunPKCS11 have different PBE key encodings", the `P11SecretKeyFactory.convertKey(...)` method is refactored to call `getKeyInfo(keyAlgo)` and check that it's not `null`. However, this leads to problems for the `P11Mac` object when it's initialized with a key whose algorithm is not recognized by SunPKCS11 provider. It fails with an unexpected `InvalidKeyException`. Thus, reverting back to the pre-JDK8348732 code and calls `getKeyInfo(keyAlgo)` only when needed.
This pull request has now been integrated.
Changeset: 4fc10a1e
Author: Valerie Peng <valeriep at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/4fc10a1e7e9483ecddbaaa9fb52c4db52de86cc8
Stats: 83 lines in 2 files changed: 67 ins; 8 del; 8 mod
8356087: Problematic KeyInfo check using key algorithm in P11SecretKeyFactory class
Reviewed-by: weijun
-------------
PR: https://git.openjdk.org/jdk/pull/25108
More information about the security-dev
mailing list