On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> Can someone help review this small fix? NSS returns PKCS11 > CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its > token keys. So this fix is to add special handling for NSS token secret keys. > There is already an existing regression test which detects this and disabled > in ProblemList.txt. Removing that test from ProblemList.txt to verify this > fix. > > Thanks, > Valerie Since the return error code is PKCS11 CKR_ATTRIBUTE_SENSITIVE, does it make sense to assign `sensitive = true` right at the beginning? I'm not a PKCS11 expert and not sure if this has any negative effect on https://github.com/openjdk/jdk/blob/ea8d3c92c69c393cdbc6c62398f1e9c6adc708d3/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java#L1394 (where the `sensitive` flag is used). ------------- PR: https://git.openjdk.java.net/jdk/pull/6837
