Skip to content

Commit

Permalink
8325254: CKA_TOKEN private and secret keys are not necessarily sensitive
Browse files Browse the repository at this point in the history
Backport-of: 0f5f3c9b9718c610406088327401210486447462
  • Loading branch information
martinuy committed Feb 23, 2024
1 parent e69b611 commit c80bb72
Showing 1 changed file with 3 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -401,8 +401,9 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm,
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
});

boolean keySensitive = (attrs[0].getBoolean() ||
attrs[1].getBoolean() || !attrs[2].getBoolean());
boolean keySensitive =
(attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
attrs[1].getBoolean() || !attrs[2].getBoolean();

return switch (algorithm) {
case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm,
Expand Down

1 comment on commit c80bb72

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.