On Thu, 25 Sep 2025 16:28:25 GMT, Daniel Jeliński <[email protected]> wrote:
> The DiffieHellman KeyAgreement supports 2 key algorithms: TlsPremasterSecret
> and Generic. The Generic algorithm is supposed to generate keys of a constant
> length, keeping leading zeroes as appropriate.
>
> This PR changes the SunPKCS11 implementation to pass a CKA_VALUE_LEN
> attribute when a fixed length is needed; when the attribute is absent, the
> PKCS11 provider strips the leading zeroes.
>
> Added a check to the existing test cases to verify the fix. The check passes
> with the fix, fails without it. Other tier1-3 tests continue to pass.

This pull request has now been integrated.

Changeset: 914b44e2
Author:    Daniel Jeliński <[email protected]>
URL:       https://git.openjdk.org/jdk/commit/914b44e277df23418736eb00c022bbd829d64e11
Stats:     88 lines in 3 files changed: 52 ins; 25 del; 11 mod

8368694: PKCS11-NSS generic keys generated by DH have leading zeroes stripped

Reviewed-by: valeriep

-------------

PR: https://git.openjdk.org/jdk/pull/27494
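
Why the stripped zeroes matter, as an added example that is not part of the original mail or of the JDK change: two peers that agree on the same DH value but encode it differently (fixed length versus leading zeroes stripped) derive different keys. The 64-bit toy group, the SHA-256 derivation step and all function names are assumptions made for the illustration.

```python
import hashlib

# Constructed toy group (assumption): a 64-bit prime, far too small for real use.
P = 2**64 - 59
G = 5
PLEN = (P.bit_length() + 7) // 8  # encoded length of the prime in bytes (8)


def encode_fixed(z):
    """Constant-length encoding: left-padded with zeroes to the prime length."""
    return z.to_bytes(PLEN, "big")


def encode_stripped(z):
    """Encoding with leading zero bytes removed (the behaviour the mail describes)."""
    return encode_fixed(z).lstrip(b"\x00") or b"\x00"


def derive_key(secret_bytes):
    """Stand-in key derivation (assumption): hash of the encoded shared secret."""
    return hashlib.sha256(secret_bytes).digest()


def find_short_secret(alice_priv=0x1F2E3D4C5B6A79, limit=100_000):
    """Search Bob's private keys until the shared secret has a leading zero byte."""
    alice_pub = pow(G, alice_priv, P)
    for bob_priv in range(2, limit):
        bob_pub = pow(G, bob_priv, P)
        z_alice = pow(bob_pub, alice_priv, P)
        z_bob = pow(alice_pub, bob_priv, P)
        assert z_alice == z_bob  # both sides always agree on the integer
        if z_alice < 1 << (8 * (PLEN - 1)):  # top byte is zero (about 1 in 256)
            return bob_priv, z_alice
    raise RuntimeError("no short secret found within limit")


def demo():
    """Return both encodings of one short secret and the keys derived from them."""
    _, z = find_short_secret()
    fixed, stripped = encode_fixed(z), encode_stripped(z)
    return z, fixed, stripped, derive_key(fixed), derive_key(stripped)


if __name__ == "__main__":
    z, fixed, stripped, k_fixed, k_stripped = demo()
    print("fixed   :", fixed.hex(), "->", k_fixed.hex()[:16])
    print("stripped:", stripped.hex(), "->", k_stripped.hex()[:16])
```

Because only about one agreement in 256 has a zero top byte, this kind of mismatch shows up as an intermittent failure, which is why a test has to check the secret length explicitly.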
