On Fri, 23 Jul 2021 10:33:14 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
> Hello,
>
> Could you please review the small patch for the issue described in
> JDK-8271199: Mutual TLS handshake fails signing client certificate with
> custom sensitive PKCS11 key
>
> I suggest updating the RSAPSSSignature.isValid() method to verify if provided
> key components can be applied to SunRSASign implementation.
> If not applied, implementation can try to select signer from other providers
>
> Regards
> Alexey

Hey,

Same issue using nCipherKM provider

Caused by: com.ncipher.provider.nCSecurityException: The key material is not exportable outside of the HSM
        at com.ncipher.provider.Utils.exportKey(Utils.java:1539)
        at com.ncipher.provider.Utils.getCrtParams(Utils.java:1486)
        at com.ncipher.provider.km.KMRSAPrivateCrtKey.getPrimeP(KMRSAPrivateCrtKey.java:87)
        at sun.security.rsa.RSACore.crtCrypt(RSACore.java:168)
        at sun.security.rsa.RSACore.rsa(RSACore.java:122)
        at sun.security.rsa.RSAPSSSignature.engineSign(RSAPSSSignature.java:371)
        at java.security.Signature.engineSign(Signature.java:1382)
        at java.security.Signature.sign(Signature.java:698)
        at sun.security.ssl.CertificateVerify.<init>(CertificateVerify.java:608)
        at sun.security.ssl.CertificateVerify.produce(CertificateVerify.java:760)
        at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
        at sun.security.ssl.ServerHelloDone.consume(ServerHelloDone.java:182)
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:149)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)

Is this fix planned for OpenJDK 8u312?
-------------

PR: https://git.openjdk.java.net/jdk/pull/4887
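The kind of key-component check the quoted proposal describes, as an added example that is not code from the JDK, the PR, or either poster. The names `KeyComponentProbe`, `requireReadable` and `OpaqueKey` are hypothetical; `OpaqueKey` is a constructed stand-in for an HSM key handle whose getters throw, as `getPrimeP` does in the trace above. Rejecting the key with `InvalidKeyException` at init time is what lets a `Signature` obtained without a named provider move on to the next provider.

```java
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;

public class KeyComponentProbe {
    // Hypothetical helper: reject a key whose private components cannot be read in software.
    static void requireReadable(PrivateKey key) throws InvalidKeyException {
        if (!(key instanceof RSAPrivateKey)) {
            throw new InvalidKeyException("not an RSA private key");
        }
        RSAPrivateKey rsa = (RSAPrivateKey) key;
        try {
            boolean ok = rsa.getModulus() != null && rsa.getPrivateExponent() != null;
            if (ok && rsa instanceof RSAPrivateCrtKey) {
                RSAPrivateCrtKey crt = (RSAPrivateCrtKey) rsa;
                ok = crt.getPrimeP() != null && crt.getPrimeQ() != null
                        && crt.getPrimeExponentP() != null
                        && crt.getPrimeExponentQ() != null && crt.getCrtCoefficient() != null;
            }
            if (!ok) throw new InvalidKeyException("key components are not available");
        } catch (RuntimeException e) {
            // Some HSM providers throw from the getter instead of returning null.
            throw new InvalidKeyException("key components are not available", e);
        }
    }

    // Constructed stand-in for a non-exportable HSM key; not a real provider class.
    static final class OpaqueKey implements RSAPrivateCrtKey {
        private static BigInteger deny() { throw new SecurityException("not exportable"); }
        public BigInteger getModulus() { return BigInteger.valueOf(3233); }
        public BigInteger getPublicExponent() { return BigInteger.valueOf(17); }
        public BigInteger getPrivateExponent() { return deny(); }
        public BigInteger getPrimeP() { return deny(); }
        public BigInteger getPrimeQ() { return deny(); }
        public BigInteger getPrimeExponentP() { return deny(); }
        public BigInteger getPrimeExponentQ() { return deny(); }
        public BigInteger getCrtCoefficient() { return deny(); }
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }   // no encoding available
        public byte[] getEncoded() { return null; }  // key material stays in the HSM
    }

    public static void main(String[] args) {
        try { requireReadable(new OpaqueKey()); System.out.println("accepted"); }
        catch (InvalidKeyException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```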