jdk17u-dev
jdk17u-dev copied to clipboard
openjdk
8336499: Failure when creating non-CRT RSA private keys in SunPKCS11
Hi all, This pull request contains a backport of commit 3251eea from the openjdk/jdk repository. I've also resolved a build failure with the latest version of gtest(In JDK17) by backporting the fix. Thanks!
JBS Issue: JDK-8336499
Progress
- [x] Change must not contain extraneous whitespace
- [ ] JDK-8336499 needs maintainer approval
- [x] Commit message must refer to an issue
Issue
- JDK-8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 (Bug - P4 - Requested)
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk17u-dev.git pull/2979/head:pull/2979
$ git checkout pull/2979
Update a local copy of the PR:
$ git checkout pull/2979
$ git pull https://git.openjdk.org/jdk17u-dev.git pull/2979/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 2979
View PR using the GUI difftool:
$ git pr show -t 2979
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk17u-dev/pull/2979.diff
Using Webrev
Hi @Sorna-Sarathi, welcome to this OpenJDK project and thanks for contributing!
We do not recognize you as Contributor and need to ensure you have signed the Oracle Contributor Agreement (OCA). If you have not signed the OCA, please follow the instructions. Please fill in your GitHub username in the "Username" field of the application. Once you have signed the OCA, please let us know by writing /signed in a comment in this pull request.
If you already are an OpenJDK Author, Committer or Reviewer, please click here to open a new issue so that we can record that fact. Please use "Add GitHub user Sorna-Sarathi" as summary for the issue.
If you are contributing this work on behalf of your employer and your employer has signed the OCA, please let us know by writing /covered in a comment in this pull request.
![bridgekeeper[bot] avatar](https://avatars.githubusercontent.com/u/41768318?v=4 "Published by a pub.dev verified publisher"){kind=small}
@Sorna-Sarathi This change now passes all automated pre-integration checks.
ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.
After integration, the commit message for the final commit will be:
8336499: Failure when creating non-CRT RSA private keys in SunPKCS11
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.
At the time when this comment was updated there had been 38 new commits pushed to the master branch:
- cd08601f2036d92427caec7eac96cea16ddcbbba: 8358538: Update GHA Windows runner to 2025
- 34f76e39b4ed9984e157c932d8145f7adfeeed98: 8344671: Few JFR streaming tests fail with application not alive error on MacOS 15
- e21340398b5aaadc79a93ae612d080b9782d564d: 8345471: Clean up compiler/intrinsics/sha/cli tests
- ... and 35 more: https://git.openjdk.org/jdk17u-dev/compare/37b986700f5cdc95eaf31e0c6145fa3f6ca05cbf...master
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.
As you do not have Committer status in this project an existing Committer must agree to sponsor your change.
➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).
Thank you! Please allow for a few business days to verify that your employer has signed the OCA. Also, please note that pull requests that are pending an OCA check will not usually be evaluated, so your patience is appreciated!
⚠️ @Sorna-Sarathi This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.
@Sorna-Sarathi This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
/approval request fixes failure when creating non-CRT RSA private keys in SunPKCS11. Backporting it.
@Sorna-Sarathi This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
@Sorna-Sarathi This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
Hi @GoeLin, I had tested Tier 2 level tests for this change and it ended with few failures. I also checked with them and they're not related to the current backport changes. Regarding the GHA failures, the "xcode-select: error: invalid developer directory '/Applications/Xcode_14.3.1.app/Contents/Developer'" issue which has been resolved by https://github.com/openjdk/jdk17u-dev/commit/82a609dd7841eab66866e785ddd035b55d441970.
/approval request fixes failure when a non-CRT key is created in a token, the query including all attributes will fail and CKA_MODULUS and CKA_PRIVATE_EXPONENT will not be available and will throw an error. Backporting it.
Hi @GoeLin,
Fix Request 17u
Backporting this patch to fix the issue described. The patch applies cleanly.
Risk is medium. It changes the critical component security-libs. No regressions observed in jdk/sun/security/pkcs11 . A regression test is hard to test for pre PKCS 11 standard v2.40 explained in the JBS comment.
Ran the tier 1-2 tests. Tier 2 ended with few failures and they aren't related to the current changes.
Thanks, Sorna Sarathi.
Hi @Sorna-Sarathi Thanks for testing etc. Basically this is good to go now. I ran it through our testing without issues. But I think we should await till this has some live coverage. So I'll label jdk17u-defer-next and approve it some later. Thanks.
@Sorna-Sarathi This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
@Sorna-Sarathi This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.
@Sorna-Sarathi This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply issue a /touch or /keepalive command to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!
Hi @Sorna-Sarathi I think it is time now to push this. Can you please merge head for new testing?
Hi @Sorna-Sarathi I think it is time now to push this. Can you please merge head for new testing?
Hi @GoeLin Merged and the tests were also passed.
@Sorna-Sarathi Your change (at version 0e73df15cbd037be44dc9d35de1c67a27c2f58a0) is now ready to be sponsored by a Committer.
Going to push as commit 2a9bba29dde0bbce4356c2e75317a68ca98c7ea4.
Since your change was applied there have been 40 commits pushed to the master branch:
- 8e1ab5ec71fa44b8f6fd2cf3897c9ec4a9bfbeaf: 8298340: java/net/httpclient/CancelRequestTest.java fails with AssertionError: Found some subscribers for testPostInterrupt
- 93ae31e9308781122841374b2a2f150cb3a255f2: 8297200: java/net/httpclient/SpecialHeadersTest.java failed once in AssertionError due to selector thread remaining alive
- cd08601f2036d92427caec7eac96cea16ddcbbba: 8358538: Update GHA Windows runner to 2025
- ... and 37 more: https://git.openjdk.org/jdk17u-dev/compare/37b986700f5cdc95eaf31e0c6145fa3f6ca05cbf...master
Your commit was automatically rebased without conflicts.