RFR: 8368073: PKCS11 HKDF can't use byte array IKM in FIPS mode [v2]
Valerie Peng
valeriep at openjdk.org
Wed Sep 24 02:17:44 UTC 2025
On Tue, 23 Sep 2025 15:36:26 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> test/jdk/sun/security/pkcs11/tls/tls12/nss.cfg line 14:
>>
>>> 12:
>>> 13: attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET) = {
>>> 14: CKA_SIGN = true
>>
>> also add `CKA_EXTRACTABLE = false` ?
>
> I'd rather not. That would disable key extraction, and would likely bring back [JDK-6913047](https://bugs.openjdk.org/browse/JDK-6913047)
Ok, either way is fine.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27384#discussion_r2373871002