Seeing an internal test failure on Solaris 11.4. Appears connected with
the recent upgrade of PKCS11 libraries to v2.40. The test coverage has
increased since SunPKCS11-Solaris now supports AES/GCM. Unfortunately
the bug details are not public but I'll give a summary here.
The new test code coverage provokes a CKR_MECHANISM_PARAM_INVALID error
from the underlying provider and the test expects
InvalidAlgorithmParameterException to be thrown by the Provider.
InvalidKeyException is currently thrown by SunPKCS11-Solaris. The patch
is quite trivial:
+++ b/src/share/classes/sun/security/pkcs11/P11AEADCipher.java
@@ -322,6 +322,9 @@
try {
initialize();
} catch (PKCS11Exception e) {
+ if (e.getErrorCode() == CKR_MECHANISM_PARAM_INVALID) {
+ throw new InvalidAlgorithmParameterException("Bad params", e);
+ }
throw new InvalidKeyException("Could not initialize
cipher", e);
}
}
regards,
Sean.
