Hi, I'd like to propose a fix for 8251117 [1], on behalf of Zdenek Zambersky (Red Hat employee - OCA signed).
Webrev.00: * http://cr.openjdk.java.net/~mbalao/webrevs/8251117/8251117.webrev.00/ As noted in the ticket [1], the fix is about using P11Key::length method for retrieving P11Key sizes when initializing P11Cipher and P11AEADCipher instances. By doing that, we avoid NullPointerExceptions that happens when the P11Key is CKA_SENSITIVE and cannot be extracted in plain (this is the case for NSS software token keys configured in FIPS mode). I found no regressions in sun/security/pkcs11 tests. I've also done manual testing in my NSS-FIPS environment. Thanks, Martin.- -- [1] - https://bugs.openjdk.java.net/browse/JDK-8251117
