On Thu, 21 Mar 2024 17:17:41 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> Hi, >> >> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY >> keys from the NSS Software Token". See more details in the JBS ticket [1]. >> >> No regressions observed in jdk/sun/security/pkcs11. >> >> Thanks, >> Martin.- >> >> -- >> [1] - https://bugs.openjdk.org/browse/JDK-8328556 > > Martin Balao has updated the pull request incrementally with one additional > commit since the last revision: > > Test TestLargeSecretKeys added. Update: I found that an existing PKCS11Test configuration (p11-nss-sensitive.txt) sets CKA_SENSITIVE to CK_TRUE for secret keys. Combining this with the DH large secret key derivation trick led to a viable reproducer without having to introduce a FIPS configuration. ------------- PR Comment: https://git.openjdk.org/jdk/pull/18389#issuecomment-2013100964
