RFR: 8368694: PKCS11-NSS generic keys generated by DH have leading zeroes stripped [v2]
Valerie Peng
valeriep at openjdk.org
Wed Oct 8 17:29:18 UTC 2025
On Wed, 8 Oct 2025 10:13:01 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> The DiffieHellman KeyAgreement supports 2 key algorithms: TlsPremasterSecret and Generic. The Generic algorithm is supposed to generate keys of a constant length, keeping leading zeroes as appropriate.
>>
>> This PR changes the SunPKCS11 implementation to pass a CKA_VALUE_LEN attribute when a fixed length is needed; when the attribute is absent, the PKCS11 provider strips the leading zeroes.
>>
>> Added a check to the existing test cases to verify the fix. The check passes with the fix, fails without it. Other tier1-3 tests continue to pass.
>
> Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
>
> Use CKA_VALUE_LEN in parameterless engineGenerateSecret
Changes look good.
-------------
Marked as reviewed by valeriep (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/27494#pullrequestreview-3315836291
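
The length difference the quoted description refers to, as an added example that is not part of the original message or of the JDK change: a fixed-length encoding of a DH shared secret next to one with the leading zeroes stripped, and what that does to a key derived from it. The 127-bit prime, the generator, the private value and the SHA-256 stand-in for a KDF are constructed assumptions, chosen so the script runs instantly.

```python
import hashlib

# Constructed toy parameters (not from the PR): a 127-bit Mersenne prime so the
# search below is instant. Real DH groups are 2048 bits or more.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8  # size of the prime in bytes


def encode_fixed(z: int, length: int = P_LEN) -> bytes:
    """Constant-length encoding: left-pad the secret to the size of the prime."""
    return z.to_bytes(length, "big")


def encode_stripped(z: int) -> bytes:
    """Minimal encoding: leading zero bytes are dropped."""
    return z.to_bytes(max(1, (z.bit_length() + 7) // 8), "big")


def find_short_secret(a_priv: int, limit: int = 1 << 16):
    """Return (b_priv, Z) for the first peer key whose secret starts with 0x00."""
    a_pub = pow(G, a_priv, P)
    for b_priv in range(2, limit):
        z = pow(a_pub, b_priv, P)          # shared secret Z = g^(a*b) mod p
        if z >> (8 * (P_LEN - 1)) == 0:    # top byte of the padded form is zero
            return b_priv, z
    raise RuntimeError("no short secret found within limit")


def derive_key(secret: bytes) -> bytes:
    """Stand-in KDF (assumption): any hash of the raw bytes shows the effect."""
    return hashlib.sha256(secret).digest()


def demo():
    # Constructed private value; roughly 1 in 128 peers gives a short secret here
    # (1 in 256 for a prime whose top byte is fully used).
    _, z = find_short_secret(a_priv=0x1F2E3D4C5B6A79880123456789ABCDEF)
    fixed, stripped = encode_fixed(z), encode_stripped(z)
    return fixed, stripped, derive_key(fixed) == derive_key(stripped)


if __name__ == "__main__":
    fixed, stripped, keys_match = demo()
    print(len(fixed), fixed.hex())
    print(len(stripped), stripped.hex())
    print("derived keys match:", keys_match)
```

Both encodings represent the same integer, so the mismatch only appears for the occasional exchange whose secret begins with a zero byte, which is why a length check in the test cases is needed to catch it.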