-
Bug
-
Resolution: Fixed
-
P4
-
13, 26
-
None
-
master
Observed when testing SunPKCS11, but may also affect other providers.
Session ticket decryption assumes that the cipher in use will work with the minimal output buffer size. However, due to a limitation of older NSS versions, SunPKCS11 AES cipher requires a larger buffer size for decryption [1], and the decryption fails with a ShortBufferException.
[1] https://github.com/openjdk/jdk/blob/303686684c23db465ccfb6a9b4861a673bfa5f4b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java#L500-L503
Session ticket decryption assumes that the cipher in use will work with the minimal output buffer size. However, due to a limitation of older NSS versions, SunPKCS11 AES cipher requires a larger buffer size for decryption [1], and the decryption fails with a ShortBufferException.
[1] https://github.com/openjdk/jdk/blob/303686684c23db465ccfb6a9b4861a673bfa5f4b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java#L500-L503
- links to
-
Commit(master)
openjdk/jdk/3c9fd768
-
Review(master)
openjdk/jdk/27463