Blob Blame History Raw
# HG changeset patch
# User mbalao
# Date 1596572361 10800
#      Tue Aug 04 17:19:21 2020 -0300
# Node ID d8a0513b92ee262d4e64c1e13d43e1b3f3e5c5d5
# Parent  a259b5b1bc7cc4dd0d8fa19e8bdbf96a4e76224f
8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
Reviewed-by: valeriep
Contributed-by: zzambers@redhat.com

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
@@ -279,7 +279,9 @@
         SecureRandom sr)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
         reset(true);
-        if (fixedKeySize != -1 && key.getEncoded().length != fixedKeySize) {
+        if (fixedKeySize != -1 &&
+                ((key instanceof P11Key) ? ((P11Key) key).length() >> 3 :
+                            key.getEncoded().length) != fixedKeySize) {
             throw new InvalidKeyException("Key size is invalid");
         }
         P11Key newKey = P11SecretKeyFactory.convertKey(token, key, ALGO);
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
@@ -345,7 +345,9 @@
             SecureRandom random)
             throws InvalidKeyException, InvalidAlgorithmParameterException {
         reset(true);
-        if (fixedKeySize != -1 && key.getEncoded().length != fixedKeySize) {
+        if (fixedKeySize != -1 &&
+                ((key instanceof P11Key) ? ((P11Key) key).length() >> 3 :
+                            key.getEncoded().length) != fixedKeySize) {
             throw new InvalidKeyException("Key size is invalid");
         }
         switch (opmode) {