On Thu, 21 Mar 2024 17:23:44 GMT, Martin Balao wrote:
>> Hi,
>>
>> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
>> keys from the NSS Software Token". See more details in the JBS ticket [1].
>>
>> No regressions observed in jdk/sun/security/pkcs11.
>>
>> Thanks,
> Hi,
>
> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
> keys from the NSS Software Token". See more details in the JBS ticket [1].
>
> No regressions observed in jdk/sun/security/pkcs11.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.org/browse/JDK-8
On Thu, 21 Mar 2024 17:17:41 GMT, Martin Balao wrote:
>> Hi,
>>
>> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
>> keys from the NSS Software Token". See more details in the JBS ticket [1].
>>
>> No regressions observed in jdk/sun/security/pkcs11.
>>
>> Thanks,
> Hi,
>
> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
> keys from the NSS Software Token". See more details in the JBS ticket [1].
>
> No regressions observed in jdk/sun/security/pkcs11.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.org/browse/JDK-8
On Thu, 21 Mar 2024 06:32:56 GMT, Daniel Jeliński wrote:
> Would it be possible to add a regression test for this? I think you should be
> able to trigger a failure by calculating a HMAC using the same key two times.
May be possible. To create a large secret key we can use a DH derivation + TLS
On Wed, 20 Mar 2024 03:39:58 GMT, Martin Balao wrote:
> Hi,
>
> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
> keys from the NSS Software Token". See more details in the JBS ticket [1].
>
> No regressions observed in jdk/sun/security/pkcs11.
>
> Thanks,
> Martin
Hi,
I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY
keys from the NSS Software Token". See more details in the JBS ticket [1].
No regressions observed in jdk/sun/security/pkcs11.
Thanks,
Martin.-
--
[1] - https://bugs.openjdk.org/browse/JDK-8328556
-
C
