Integrated: 8356087: Problematic KeyInfo check using key algorithm in P11SecretKeyFactory class

Valerie Peng valeriep at openjdk.org
Tue May 13 03:50:03 UTC 2025


On Wed, 7 May 2025 22:24:50 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> In the PR for JDK-8348732 "SunJCE and SunPKCS11 have different PBE key encodings", the `P11SecretKeyFactory.convertKey(...)` method is refactored to call `getKeyInfo(keyAlgo)` and check that it's not `null`. However, this leads to problems for the `P11Mac` object when it's initialized with a key whose algorithm is not recognized by SunPKCS11 provider. It fails with an unexpected `InvalidKeyException`. Thus, reverting back to the pre-JDK8348732 code and calls `getKeyInfo(keyAlgo)` only when needed.

This pull request has now been integrated.

Changeset: 4fc10a1e
Author:    Valerie Peng <valeriep at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/4fc10a1e7e9483ecddbaaa9fb52c4db52de86cc8
Stats:     83 lines in 2 files changed: 67 ins; 8 del; 8 mod

8356087: Problematic KeyInfo check using key algorithm in P11SecretKeyFactory class

Reviewed-by: weijun

-------------

PR: https://git.openjdk.org/jdk/pull/25108


More information about the security-dev mailing list