Skip to content

Commit

Permalink
8325254: CKA_TOKEN private and secret keys are not necessarily sensitive
Browse files Browse the repository at this point in the history
Reviewed-by: valeriep
  • Loading branch information
martinuy committed Feb 6, 2024
1 parent 4b1e367 commit 0f5f3c9
Showing 1 changed file with 3 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -395,8 +395,9 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm,
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
});

boolean keySensitive = (attrs[0].getBoolean() ||
attrs[1].getBoolean() || !attrs[2].getBoolean());
boolean keySensitive =
(attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
attrs[1].getBoolean() || !attrs[2].getBoolean();

return switch (algorithm) {
case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm,
Expand Down

5 comments on commit 0f5f3c9

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@martinuy
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk21u-dev

@openjdk
Copy link

@openjdk openjdk bot commented on 0f5f3c9 Feb 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@martinuy the backport was successfully created on the branch backport-martinuy-0f5f3c9b in my personal fork of openjdk/jdk21u-dev. To create a pull request with this backport targeting openjdk/jdk21u-dev:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 0f5f3c9b from the openjdk/jdk repository.

The commit being backported was authored by Martin Balao on 6 Feb 2024 and was reviewed by Valerie Peng.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk21u-dev:

$ git fetch https://github.com/openjdk-bots/jdk21u-dev.git backport-martinuy-0f5f3c9b:backport-martinuy-0f5f3c9b
$ git checkout backport-martinuy-0f5f3c9b
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk21u-dev.git backport-martinuy-0f5f3c9b

⚠️ @martinuy You are not yet a collaborator in my fork openjdk-bots/jdk21u-dev. An invite will be sent out and you need to accept it before you can proceed.

@martinuy
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk17u-dev

@openjdk
Copy link

@openjdk openjdk bot commented on 0f5f3c9 Feb 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@martinuy the backport was successfully created on the branch backport-martinuy-0f5f3c9b in my personal fork of openjdk/jdk17u-dev. To create a pull request with this backport targeting openjdk/jdk17u-dev:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 0f5f3c9b from the openjdk/jdk repository.

The commit being backported was authored by Martin Balao on 6 Feb 2024 and was reviewed by Valerie Peng.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk17u-dev:

$ git fetch https://github.com/openjdk-bots/jdk17u-dev.git backport-martinuy-0f5f3c9b:backport-martinuy-0f5f3c9b
$ git checkout backport-martinuy-0f5f3c9b
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk17u-dev.git backport-martinuy-0f5f3c9b

Please sign in to comment.