On Wed, 12 Feb 2025 10:02:55 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:

> Please review this trivial fix that ensures that the mechanism always matches 
> the parameter class type.
> 
> I added a new test case that crashes without the fix, passes with the fix. 
> Existing tier1-3 test cases continue to pass.

@valeriepeng Please review this fix.

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
 line 122:

> 120:         } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
> 121:             mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
> 122:         } else if (tlsVersion == 0x0303) {

Should TLS 1.2 also use CKM_TLS12_KEY_AND_MAC_DERIVE?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23583#issuecomment-2657385149
PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955005436
