On Wed, 8 Oct 2025 10:13:01 GMT, Daniel Jeliński <[email protected]> wrote:
>> The DiffieHellman KeyAgreement supports 2 key algorithms: TlsPremasterSecret >> and Generic. The Generic algorithm is supposed to generate keys of a >> constant length, keeping leading zeroes as appropriate. >> >> This PR changes the SunPKCS11 implementation to pass a CKA_VALUE_LEN >> attribute when a fixed length is needed; when the attribute is absent, the >> PKCS11 provider strips the leading zeroes. >> >> Added a check to the existing test cases to verify the fix. The check passes >> with the fix, fails without it. Other tier1-3 tests continue to pass. > > Daniel Jeliński has updated the pull request incrementally with one > additional commit since the last revision: > > Use CKA_VALUE_LEN in parameterless engineGenerateSecret Changes look good. ------------- Marked as reviewed by valeriep (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/27494#pullrequestreview-3315836291
